I am standing up a server with cloudformation, I want the user and password for that user to be created on startup. But I do not want the username or password in plaintext via cloudformation script. I want to have a username and password in a secret managers secret and then pull those credentials with cloudformation/userdata to create the user.
Asked
Active
Viewed 1,072 times
0
-
You'll need two things. 1. IAM policy which allows your ec2 instance to have access to the secret. You should attach this policy to IAM role of the instance. This all can be done inside cloudformation tpl. 2. user data script should be able to make aws calls. E.g. you can install awscli inside the user data and use [aws secretsmanager get-secret-value](https://docs.aws.amazon.com/cli/latest/reference/secretsmanager/get-secret-value.html) to fetch the secret. – Molecular Man Aug 30 '19 at 15:47
-
Thank you! So I get it to show the secret value, but how do I assign that value to become a username and then assign the value of another secret to be the password? or do both within one password. For example I want it to read the value of the secret and create a username and password from the secret automatically – MattMcG Sep 03 '19 at 14:04
-
Typically you store a JSON object in the secret that contains both the password and user name. You can find more examples in https://stackoverflow.com/questions/53589880 – JoeB Sep 04 '19 at 17:38