Question:
I’m trying to access secrets created in secrets manager(https://aws.amazon.com/secrets-manager/) via SSM (Systems Manager- https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html ) i.e. AWS Parameter store, and store it in a custom YAML variable in serverless.yml file?
I am trying to implement cloud formation through serverless framework(https://serverless.com/), and I am trying to implement a nested if statement in cloud formation for implementing the above using the code below.
|
1 2 3 4 5 6 7 8 9 10 |
stage: &stage 'dev' #Hardcoded for now rdsMasterPassword: !If - !Equals [*stage,"prod"] - ${ssm:/aws/reference/secretsmanager/cred-prod~true:rdsMasterPassword} - !If - !Equals [*stage,"staging"] - ${ssm:/aws/reference/secretsmanager/cred-staging~true:rdsMasterPassword} - ${ssm:/aws/reference/secretsmanager/cred-dev~true:rdsMasterPassword} |
I have tried Cloud formation instrinsic functions Fn::If for this but facing this errror :
Fn::If requires a list argument with the first element being a condition
Answer:
Just want to point out that if you’re looking to load different SSM paths based on environment, you can achieve this many ways, outlined here
I’ve had a pleasant time loading through json files, for example
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
-- serverless-staging.json -- { "ssm_path": "/path/to/staging/ssm/parameter" } -- serverless-prod.json -- { "ssm_path": "/path/to/prod/ssm/parameter" } -- serverless.yml -- ... stage: ${opt:stage, 'dev'} environment: SSM_PATH: ${file(serverless-${self:provider.stage}.json):ssm_path} ... etc etc |
Hope this helps whoever else lands here from a search