This CloudFormation Extension allows the creation of AWS Systems Manager Parameter Store Secrets with automatically generated passwords. You can find the docs here.
The Resource Provider must be installed before use.
To build and install the extension, some CLI tools are needed. On macOS you can install them like this:

    brew install awscli
    brew install aws-sam-cli
    brew install pipx
    pipx install cloudformation-cli
    pipx runpip cloudformation-cli install --upgrade setuptools
    pipx inject cloudformation-cli git+https://github.com/HeatherFlux/cloudformation-cli-typescript-plugin.git@bugfix/arch-1058-fix-dependency-and-python

To install the extension you can run the following command:

    ./deploy.sh

Use environment variables to specify where to install the extension.

    AWS_PROFILE=dev ./deploy.sh

After registration, the resource can be used in CloudFormation templates.

    Resources:
      MyDatabaseSecret:
        Type: Surnet::ParameterStore::Secret
        Properties:
          Name: /prod/db/password
          Description: "Production database password"
          PasswordOptions:
            Length: 24
            IncludeNumbers: true
            IncludeSymbols: true
          Serial: 1
          Tags:
            - Key: Environment
              Value: Production
            - Key: Application
              Value: MyApp
    Outputs:
      DatabasePassword:
        Value: !GetAtt MyDatabaseSecret.Password
        Description: "The generated database password"

To store a password you supply yourself instead of a generated one, set `PasswordInput`:

    Resources:
      MyDatabaseSecret:
        Type: Surnet::ParameterStore::Secret
        Properties:
          Name: /prod/db/password
          Description: "Production database password"
          PasswordInput: "MySuperSecretPassword"
          Tags:
            - Key: Environment
              Value: Production
            - Key: Application
              Value: MyApp
    Outputs:
      DatabasePassword:
        Value: !GetAtt MyDatabaseSecret.Password
        Description: "The generated database password"
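
Both templates above put secret material where CloudFormation keeps it readable: Outputs values are shown unredacted to anyone who can describe the stack, and a literal `PasswordInput` is stored with the template. The lint below is an added example, not part of this project. It flags those two patterns, assuming the template is in JSON form; the logical IDs, parameter names and finding texts are hypothetical.

```python
SECRET_TYPE = "Surnet::ParameterStore::Secret"

# Constructed sample (what json.load returns), trimmed to the properties the lint reads.
SAMPLE = {
    "Parameters": {"DbPassword": {"Type": "String", "NoEcho": True}, "ApiKey": {"Type": "String"}},
    "Resources": {
        "Generated": {"Type": SECRET_TYPE, "Properties": {"PasswordOptions": {"Length": 24}}},
        "Literal": {"Type": SECRET_TYPE, "Properties": {"PasswordInput": "MySuperSecretPassword"}},
        "FromNoEcho": {"Type": SECRET_TYPE, "Properties": {"PasswordInput": {"Ref": "DbPassword"}}},
        "FromPlain": {"Type": SECRET_TYPE, "Properties": {"PasswordInput": {"Ref": "ApiKey"}}},
    },
    "Outputs": {
        "DatabasePassword": {"Value": {"Fn::GetAtt": ["Generated", "Password"]}},
        "ParameterPath": {"Value": "/prod/db/password"},
    },
}

def _dicts(node):
    """Yield every dict nested anywhere inside node."""
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            yield from _dicts(child)

def lint(template):
    """Return sorted (logical_id, finding) pairs for one template."""
    findings = []
    resources = template.get("Resources", {})
    params = template.get("Parameters", {})
    secrets = [n for n, r in resources.items() if r.get("Type") == SECRET_TYPE]
    for name in secrets:
        value = resources[name].get("Properties", {}).get("PasswordInput")
        if isinstance(value, str):  # the secret text lives in the template itself
            findings.append((name, "literal PasswordInput in template"))
        elif isinstance(value, dict) and "Ref" in value:
            # A parameter without NoEcho is displayed in plain text with the stack.
            if str(params.get(value["Ref"], {}).get("NoEcho")).lower() != "true":
                findings.append((name, "PasswordInput parameter without NoEcho"))
    for out_name, out in template.get("Outputs", {}).items():
        for node in _dicts(out.get("Value")):
            att = node.get("Fn::GetAtt")  # list form or "Id.Attr" string form
            att = att.split(".", 1) if isinstance(att, str) else att
            if any(att == [s, "Password"] for s in secrets):
                findings.append((out_name, "output exposes Password attribute"))
    return sorted(findings)

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The check does not look inside `Fn::Sub` strings, so a `${MyDatabaseSecret.Password}` reference there is not reported.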