Deploying secrets with AWS CloudFormation. If you have a 3rd party secret like an API key, checkout deploying given secrets. If you want to deploy a private key. Iamrolearn - (Optional) The ARN of an IAM role that AWS CloudFormation assumes to create the stack. If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials. Fabric task generator for AWS CloudFormation. A Python library that generates Fabric tasks to manipulate the stack of AWS CloudFormation. You will be able to manipulate the CloudFormation.
Generate a random string to use in your CloudFormation templates: which could then be used for example for an RDS master password.
Usage
- Create a new Lambda function with the code in lambda_function.py. No special permissions are required (unless you want to encrypt the string),so it can run with the basic execution role.
- Run up the sample template. Pass in the ARN of the lambda function.
- Check out the output of the stack.
Aws Cloudformation Sample
Parameters
- Length (required)
The length of string to generate.
- Punctuation (optional, defaults false)
Include the punctuation characters in the generated string
- RDSCompatible (optional, defaults false)
If using for an RDS master password, do not include the characters /,@,' in the generated random string.These aren't allowed to be used in an RDS master password.
- KeyId (optional)
Aws Cloudformation Documentation
If specified, encrypt the random generated string with the KMS key identified by the KeyId parameterand return it in the 'EncryptedRandomString' attribute. Obviously means that the lambda function needspermission to encrypt with this key.