def _store_secret(secret):
    """Deploy a one-resource CloudFormation stack that stores *secret*.

    The value is set as the ``SecretString`` property of a Secrets Manager
    ``Secret`` resource, and the template is serialised with ``to_json()``
    before being handed to ``CfnStack``. The plaintext is therefore part of
    the template body itself and is readable wherever that body is logged,
    stored or retrieved. Use throwaway values only; for anything that
    matters, prefer a ``NoEcho`` parameter or a generated secret.

    ``secret_stack_name``, ``region`` and ``cfn_stacks_factory`` are not
    parameters; they are resolved from the surrounding scope.

    :param secret: value to store as the secret string.
    :return: the ``"Secret"`` entry of the stack's ``cfn_resources``
        (presumably the physical id of the created secret; confirm against
        ``CfnStack``).
    """
    # The literal value ends up inside the rendered template below.
    secret_resource = Secret("Secret", SecretString=secret)

    secret_template = Template()
    secret_template.set_version("2010-09-09")
    secret_template.set_description("stack to store a secret string")
    secret_template.add_resource(secret_resource)

    secret_stack = CfnStack(
        name=secret_stack_name,
        region=region,
        template=secret_template.to_json(),
    )
    cfn_stacks_factory.create_stack(secret_stack)
    return secret_stack.cfn_resources["Secret"]
 def make(cls, config: Config,
          secret_name: str,
          description: str,
          default: Optional[str] = None) -> 'SecretDef':
     """Build the template parameter and the secret for *secret_name*.

     The parameter is declared with ``NoEcho=True`` and the secret's
     ``SecretString`` is a ``Ref`` to it, so the value is supplied when the
     stack is deployed rather than written into the template. A truthy
     *default* is the exception: it is emitted as the parameter's
     ``Default`` and therefore sits in the template in clear text, which
     ``NoEcho`` does not hide. ``None`` and the empty string both leave
     ``Default`` unset.

     :param config: passed to ``secret_path`` to derive the secret's ``Name``.
     :param secret_name: parameter title, also used to form the resource
         title ``Secret<secret_name>``.
     :param description: description applied to the parameter and the secret.
     :param default: optional default value for the parameter.
     :return: ``cls(parameter=..., secret=...)``.
     """
     secret_full_name = secret_path(config, secret_name)

     # Only emit ``Default`` when a non-empty value was given.
     optional_props = {}
     if default:
         optional_props['Default'] = default

     input_parameter = Parameter(
         secret_name,
         Type='String',
         Description=description,
         NoEcho=True,
         **optional_props)
     stored_secret = Secret(
         f'Secret{secret_name}',
         Name=secret_full_name,
         SecretString=Ref(secret_name),
         Description=description)
     return cls(parameter=input_parameter, secret=stored_secret)
Beispiel #3
def add_db_secret(template):
    """
    Add the DB credentials secret and its two target attachments to the template.

    A Secrets Manager secret titled ``DB_SECRET_T`` is created with a generated
    ``password`` key. Two ``SecretTargetAttachment`` resources follow, one for
    the cluster and one for the standalone instance, each guarded by its own
    condition from ``rds_conditions``.

    :param template.Template template: The template to add the secret to.
    """
    # NOTE(review): the username inside SecretStringTemplate reads "******" and
    # the f-string has no placeholders, so the value looks masked on this page.
    # Copied as-is, that literal is what gets stored as the username.
    password_policy = GenerateSecretString(
        SecretStringTemplate=Sub(f'{{"username":"******"}}'),
        GenerateStringKey="password",
        # Every character listed here is punctuation, which ExcludePunctuation
        # already removes, so this list adds nothing while that flag is True.
        ExcludeCharacters="<>%`|;,.",
        # Letters and digits only: password strength rests on PasswordLength.
        ExcludePunctuation=True,
        ExcludeLowercase=False,
        ExcludeUppercase=False,
        IncludeSpace=False,
        RequireEachIncludedType=True,
        PasswordLength=Ref(DB_PASSWORD_LENGTH),
    )
    Secret(DB_SECRET_T, template=template, GenerateSecretString=password_policy)

    # (attachment title, condition, target logical id, target resource class)
    attachments = (
        (
            "ClusterRdsSecretAttachment",
            rds_conditions.USE_CLUSTER_CON_T,
            CLUSTER_T,
            DBCluster,
        ),
        (
            "DatabaseRdsSecretAttachment",
            rds_conditions.NOT_USE_CLUSTER_CON_T,
            DATABASE_T,
            DBInstance,
        ),
    )
    for title, condition, target_title, target_class in attachments:
        SecretTargetAttachment(
            title,
            template=template,
            Condition=condition,
            DependsOn=[DB_SECRET_T, target_title],
            TargetType=target_class.resource_type,
            SecretId=Ref(DB_SECRET_T),
            TargetId=Ref(target_title),
        )
Beispiel #4
def add_db_secret(template, resource_title):
    """
    Add a Secrets Manager secret with a generated password for a DB resource.

    Declares the ``<resource_title>Username`` and
    ``<resource_title>PasswordLength`` parameters, registers them through
    ``add_parameters``, then creates the ``<resource_title>Secret`` resource.

    :param template.Template template: The template to add the secret to.
    :param str resource_title: The Logical name of the resource associated to that secret
    :return: The secret resource created for the template.
    """
    db_username = Parameter(
        f"{resource_title}Username",
        Type="String",
        MinLength=3,
        MaxLength=16,
        Default="dbadmin",
    )
    # NOTE(review): punctuation is excluded below, so the floor of 8 allows an
    # 8-character alphanumeric password; consider a higher MinValue.
    length_param = Parameter(
        f"{resource_title}PasswordLength",
        Type="Number",
        MinValue=8,
        MaxValue=32,
        Default=16,
    )
    add_parameters(template, [db_username, length_param])

    # NOTE(review): the username inside SecretStringTemplate reads "******" and
    # the f-string has no placeholders, so the value looks masked on this page.
    # As shown, the username parameter above is never referenced by the secret.
    password_policy = GenerateSecretString(
        SecretStringTemplate=Sub(f'{{"username":"******"}}'),
        GenerateStringKey="password",
        # Every character listed here is punctuation, which ExcludePunctuation
        # already removes, so this list adds nothing while that flag is True.
        ExcludeCharacters="<>%`|;,.",
        ExcludePunctuation=True,
        ExcludeLowercase=False,
        ExcludeUppercase=False,
        IncludeSpace=False,
        RequireEachIncludedType=True,
        PasswordLength=Ref(length_param),
    )
    return Secret(
        f"{resource_title}Secret",
        template=template,
        GenerateSecretString=password_policy,
    )
Beispiel #5
        AllowedValues=["1", "2", "4", "8", "16", "32", "64", "128", "256"],
    ))

# Template parameter for the DB cluster parameter group name; it falls back to
# "default.aurora5.6" when the caller supplies nothing.
slclusterparametergroup = t.add_parameter(
    Parameter(
        "DatabaseClusterParameterGroupName",
        Type="String",
        Default="default.aurora5.6",
    ))

# Master credentials kept in Secrets Manager: the JSON template fixes the
# username and the service generates a 30-character "password" key, so no
# password appears in this script or in the rendered template.
# NOTE(review): Name="DbSecret" fixes the physical secret name; a second stack
# in the same account and region would presumably collide on it -- confirm
# whether that is intended.
DbSecret = t.add_resource(
    Secret(
        "DbSecret",
        Name="DbSecret",
        Description="RDS instance master password",
        GenerateSecretString=GenerateSecretString(
            SecretStringTemplate="{\"username\":\"admin\"}",
            GenerateStringKey="password",
            PasswordLength=30,
            # Keeps '/', '@', '"' and space out of the generated value; RDS
            # rejects the first three in a master password.
            ExcludeCharacters='/@" '),
    ))

# Subnet group for the RDS instance. `subnet` is defined outside this excerpt;
# presumably a parameter that holds a list of subnet ids -- verify.
rdssubnetgroup = t.add_resource(
    DBSubnetGroup(
        "RDSSubnetGroup",
        DBSubnetGroupDescription="Subnets available for the RDS DB Instance",
        SubnetIds=Ref(subnet),
    ))

rdssecuritygroup = t.add_resource(
    SecurityGroup(
        "RDSSecurityGroup",
Beispiel #6
from troposphere import Template, Tags
from troposphere.secretsmanager import Secret, GenerateSecretString

# Render a template with a single Secrets Manager secret whose "password" key
# is generated by the service, so no password is written in this script.
t = Template()
# NOTE(review): newer troposphere releases spell this set_version; confirm
# which release this script targets.
t.add_version('2010-09-09')

# NOTE(review): Name="MySecret" fixes the physical secret name, so two stacks
# in the same account and region would presumably collide on it.
MySecret = Secret(
    "MySecret",
    Name="MySecret",
    Description="This is an autogenerated secret",
    GenerateSecretString=GenerateSecretString(
        # The username is fixed; only the "password" key is generated.
        SecretStringTemplate='{"username":"test-user"}',
        GenerateStringKey="password",
        PasswordLength=30,
    ),
    Tags=Tags(Appname="AppA"),
)
t.add_resource(MySecret)

print(t.to_json())
Beispiel #7
from troposphere.rds import DBInstance
from troposphere.secretsmanager import (
    GenerateSecretString,
    Secret,
    SecretTargetAttachment,
)

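# Template for an RDS instance whose master credentials live in Secrets
# Manager rather than in the template.
t = Template()
t.set_version("2010-09-09")

# Master credentials: the JSON template fixes the username and Secrets Manager
# generates a 30-character "password" key next to it.
# NOTE(review): the username value reads "******" here, which looks like a
# mask applied to the published copy; copied as-is, that literal is the
# username that gets stored.
# NOTE(review): Name="DbSecret" fixes the physical secret name, so two stacks
# in the same account and region would presumably collide on it.
DbSecret = t.add_resource(
    Secret(
        "DbSecret",
        Name="DbSecret",
        Description="This is the RDS instance master password",
        GenerateSecretString=GenerateSecretString(
            SecretStringTemplate='{"username":"******"}',
            GenerateStringKey="password",
            PasswordLength=30,
            # RDS rejects '/', '@' and '"' in a master password. Generated
            # passwords include punctuation by default, so without this
            # exclusion the instance creation can fail depending on the
            # value drawn. Space is excluded as well.
            ExcludeCharacters='/@" ',
        ),
    )
)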

Instance = t.add_resource(
    DBInstance(
        "Instance",
        AllocatedStorage="20",
        DBInstanceClass="db.t2.micro",
        Engine="mysql",
        DBInstanceIdentifier="TestInstance",
        MasterUsername=Join(
            "",
Beispiel #8
from troposphere import Tags, Template
from troposphere.secretsmanager import GenerateSecretString, Secret

# Render a template with a single Secrets Manager secret whose "password" key
# is generated by the service, so no password is written in this script.
t = Template()
t.set_version("2010-09-09")

# NOTE(review): the username value reads "******" here, which looks like a
# mask applied to the published copy; copied as-is, that literal is the
# username that gets stored.
# NOTE(review): Name="MySecret" fixes the physical secret name, so two stacks
# in the same account and region would presumably collide on it.
password_policy_kwargs = None  # placeholder removed below; keeps no state
del password_policy_kwargs
MySecret = Secret(
    "MySecret",
    Name="MySecret",
    Description="This is an autogenerated secret",
    GenerateSecretString=GenerateSecretString(
        SecretStringTemplate='{"username":"******"}',
        GenerateStringKey="password",
        PasswordLength=30,
    ),
    Tags=Tags(Appname="AppA"),
)
t.add_resource(MySecret)

print(t.to_json())