-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathCloudFormationSecretManager.json
86 lines (74 loc) · 3.24 KB
/
CloudFormationSecretManager.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
{
"AWSTemplateFormatVersion" : "2010-09-09",
"Description" : "Cloud Formation Template for Deploying Password Secret Manager.",
"Parameters": {
"ExcludeCharacters" : {
"Description" : "A string that excludes characters in the generated password.",
"Type" : "String",
"Default" : "\"@/\\",
"ConstraintDescription" : "The string can be a minimum length of 0 character and a maximum length of 7168 characters."
},
"ExcludePunctuation" : {
"Description" : "Specify if punctuation characters should be excluded in the password.",
"Type" : "String",
"Default" : "true",
"AllowedValues" : [ "true", "false" ],
"ConstraintDescription" : "Must be true or false."
},
"GenerateStringKey" : {
"Description" : "Specifies generation of random password by using the GetRandomPassword API.",
"Type" : "String",
"Default" : "password",
"ConstraintDescription" : "The string can be a minimum length of 0 character and a maximum length of 65536 characters."
},
"PasswordLength" : {
"Description" : "Length of the generated password.",
"Type" : "String",
"Default" : "30",
"ConstraintDescription" : "Must be a valid value."
},
"PasswordSecretsManagerDescription" : {
"Description" : "Description of the secrets manager.",
"Type" : "String",
"Default" : "Dynamically generated secret password.",
"ConstraintDescription" : "The string can be of a maximum length of 2048 characters."
},
"PasswordSecretsManagerName" : {
"Description" : "Name of the secrets manager.",
"Type" : "String",
"Default" : "/prod/sm/password-secret-manager",
"ConstraintDescription" : "The string can be of a maximum length of 256 characters."
},
"RequireEachIncludedType" : {
"Description" : "Specifies if the generated password must include at least one of every allowed character type.",
"Type" : "String",
"Default" : "false",
"AllowedValues" : [ "true", "false" ],
"ConstraintDescription" : "Must be true or false."
},
"SecretStringTemplate" : {
"Description" : "JSON string that the generated password can be added to.",
"Type" : "String",
"Default" : "{\"username\":\"resource_user\"}",
"ConstraintDescription" : "The string can be of a minimum length of 0 character and a maximum length of 65536 characters."
}
},
"Resources" : {
"PasswordSecretsManager": {
"Type" : "AWS::SecretsManager::Secret",
"Properties" : {
"Description": { "Ref" : "PasswordSecretsManagerDescription" },
"Name" : { "Ref" : "PasswordSecretsManagerName" },
"GenerateSecretString": {
"ExcludeCharacters": { "Ref" : "ExcludeCharacters" },
"ExcludePunctuation" : { "Ref" : "ExcludePunctuation" },
"GenerateStringKey" : { "Ref" : "GenerateStringKey" },
"PasswordLength" : { "Ref" : "PasswordLength" },
"RequireEachIncludedType" : { "Ref" : "RequireEachIncludedType" },
"SecretStringTemplate" : { "Ref" : "SecretStringTemplate" }
},
"Tags" : [{ "Key" : "Name", "Value" : "password-secret-manager-1" }]
}
}
}
}