如何使用 CDK 创建具有由 AWS Secrets Manager 管理的主凭证的 RDS

问题描述 投票:0回答:1

如何参考带有CDK的Secrets Manager创建RDS,例如

我的脚本如下创建一个字符串,但不是对 Secrets 的动态引用:

    const masterSecret = new cdk.aws_secretsmanager.Secret(
      this, `${id}-masterSecret`,{        
        secretName: `${id}-masterSecret`,
        encryptionKey: rdsCredentialKey,        
      }
    );

    // Create a secret in Secrets Manager to store the RDS credentials
    const credentialSecret = new cdk.aws_rds.DatabaseSecret(this, 
      `${id}-credential`, 
    {
      username: "credentialSecret",      
      secretName: `${id}-credential`,
      encryptionKey: rdsCredentialKey,
    });

    const instanceProps = <cdk.aws_rds.DatabaseInstanceProps>{
      engine: cdk.aws_rds.DatabaseInstanceEngine.postgres({
        version: cdk.aws_rds.PostgresEngineVersion.VER_15_3
      }),
      vpc,
      subnetGroup:subnetGroup,
      publiclyAccessible: publiclyAccessible,      
      credentials: cdk.aws_rds.Credentials.fromSecret(credentialSecret),

      instanceIdentifier: `${id}-rds`,

      instanceType: cdk.aws_ec2.InstanceType.of(cdk.aws_ec2.InstanceClass.BURSTABLE4_GRAVITON, cdk.aws_ec2.InstanceSize.MICRO),

      storageType: cdk.aws_rds.StorageType.GP3,      
    };
amazon-rds aws-cdk aws-secrets-manager
1个回答
0
投票

我也面临着同样的问题...

我怀疑这与 RDS 和 Secrets Manager 为此使用的命名约定有关,如下所述:https://docs.aws.amazon.com/secretsmanager/latest/userguide/service-linked-secrets.html

我将尝试以这种方式命名秘密,看看我是否可以模仿通过 UI 完成此操作时在幕后所采取的操作

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.