-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow Dynamic References for Secure Values in Custom Resources #341
Comments
we don’t have any plans to invest in this currently, so for now we’d suggest migrating over to resource providers |
Hello. I created my own resource provider since but then, the problem you see is, we do not have the possibility to create private resources that will have VPC access. As per your support team, even if we had a Cloudformation VPC endpoint to provide access in both ways (such as what's required for Glue to have access to in-VPC resources), these private resources created through resource providers do not seem to be able to be set to reach resources in-VPC. I have in the meantime created a tiny lib that will allow the functions (lambda) to parse the resolve string and behave in the way one would expect CFN to do so, but that is just one more thing for people to have to think about when packaging their applications. EDIT: |
@aws-cdk/aws-eks / Cluster / addManifest(id, ...manifest) This will create a Custom Resource. When using this to add a file that contains a password it means that we cannot use secretsManager to store that password and instead have to add it into the raw config file in our code repository. So please let this be used for Custom Resources so that we no longer have to do this. Thanks |
AwsCustomResource
aws/aws-cdk#9815
I know this issue is fairly old at this point but was wondering if anyone has an update regarding this. |
@ckatsaras-godaddy I had similar issue and just implemented it in my custom resource under https:/SodaDev/sns-platform-application |
Scope of request
Currently, you can use Dynamic References for Secure Values, i.e.
{{resolve:ssm-secure:IAMUserPassword:10}}
in most places. However, it is not possible to use them as parameters (read: arguments) to a Custom Resource.This is documented here: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-ssm-secure-strings
Under Addition Considerations:
Samples:
Expected Behavior:
We should be allowed to use a dynamic reference for secure values on custom resources.
Helpful links:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/dynamic-references.html#dynamic-references-ssm-secure-strings
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cfn-customresource.html
Category:
Compute, Security
The text was updated successfully, but these errors were encountered: