Comments (5)
I got you. Thank you.
from serverless-application-model.
As per the CFN service docs for resolving Secrets Manager secrets, you need to make a change to the resource that refers to the Secrets Manager secret, so that CFN detects the update and updates this resource.
See the paragraphs below, which I quoted from the CFN docs:
Updating a secret in Secrets Manager doesn't automatically update the secret in CloudFormation. In order for CloudFormation to update a secretsmanager dynamic reference, you must perform a stack update that updates the resource containing the dynamic reference, either by updating the resource property that contains the secretsmanager dynamic reference, or updating another of the resource's properties.
For example, suppose in your template you specify the MasterPassword property of an AWS::RDS::DBInstance resource to be a secretsmanager dynamic reference, and then create a stack from the template. You later update that secret's value in Secrets Manager, but don't update the AWS::RDS::DBInstance resource in your template. In this case, even if you perform a stack update, the secret value in the MasterPassword property isn't updated, and remains the previous secret value.
My suggestion is to add a dummy environment variable to your lambda function, and to change its value every time you have an update in your secrets, so when you trigger a stack deployment, the lambda function will get updated, and retrieve the new secret values.
```yaml
ExportFunction:
  Type: AWS::Serverless::Function
  Properties:
    FunctionName: MyFunction
    PackageType: Image
    Architectures:
      - x86_64
    MemorySize: 2048
    Timeout: 60
    Environment:
      Variables:
        # Change this value whenever the secret changes so the function is updated
        DUMMY: 1
        USER: !Sub '{{resolve:secretsmanager:mysecret:SecretString:user}}'
        PASSWORD: !Sub '{{resolve:secretsmanager:mysecret:SecretString:password}}'
```
I tested this approach, and it was working fine for me. I tried changing the secret values, then incrementing the DUMMY environment variable value, then deploying the updated template, and found the function environment variables got updated with the new values.
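One way to avoid bumping the dummy value by hand, as an added example that is not part of the original comment or the SAM project's code: derive the value from the secret's `AWSCURRENT` version ID and pass it to the stack as a parameter. The `SecretVersion` parameter name and the `DUMMY: !Ref SecretVersion` wiring in the template are assumptions, and the sample response is constructed.

```python
"""Derive a deploy-time marker from a secret's current version (added example).

Assumed template wiring (not from the original comment): a String parameter
named SecretVersion, referenced as `DUMMY: !Ref SecretVersion` in the
function's environment, so the resource changes whenever the secret does.
"""
import sys


def current_version_id(describe_secret_response):
    """Return the version ID that carries the AWSCURRENT staging label."""
    stages = describe_secret_response.get("VersionIdsToStages", {})
    current = [vid for vid, labels in stages.items() if "AWSCURRENT" in labels]
    if len(current) != 1:
        # No secret value yet, or a malformed response: refuse to guess.
        raise ValueError(f"expected one AWSCURRENT version, found {len(current)}")
    return current[0]


def sam_deploy_args(secret_version, param_name="SecretVersion"):
    """Build the `sam deploy` argument list carrying the version marker."""
    return ["sam", "deploy", "--parameter-overrides",
            f"{param_name}={secret_version}"]


def fetch_describe_secret(secret_id):
    """Call Secrets Manager DescribeSecret (needs boto3 and AWS credentials)."""
    import boto3  # imported lazily so the rest of the module runs offline
    return boto3.client("secretsmanager").describe_secret(SecretId=secret_id)


# Constructed sample of a DescribeSecret response (version IDs are made up).
SAMPLE_RESPONSE = {
    "Name": "mysecret",
    "VersionIdsToStages": {
        "11111111-1111-4111-8111-111111111111": ["AWSPREVIOUS"],
        "22222222-2222-4222-8222-222222222222": ["AWSCURRENT"],
    },
}

if __name__ == "__main__":
    # With a secret name as argument, query AWS; otherwise use the sample.
    resp = fetch_describe_secret(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    print(" ".join(sam_deploy_args(current_version_id(resp))))
```

Only the version ID, not the secret value, is passed on the command line and stored in the stack parameters.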
Please let us know if this suggestion helps to solve your problem.
I will close this issue. Please open a new one if you have any more questions.
This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.