Import secret manager passphrase to intrinsic function Fn::Sub:

Question

At part of my template.yaml, I have a config resource that complies to config.json at run time.

I'm trying to import from my string a value from my secret manager.

As far as I know, importing values from the secret manager looks like so:

'{{resolve:secretsmanager:tabapay_sftp_passphrase:SecretString:tabapay_sftp_passphrase}}'

And injecting values into a string you use the intrinsic function with ! Import value. When trying to combine the two, and getting a compilation error.

What am I doing wrong?

 Config:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub /${Environment}/projectConfig/foo
      Type: String
      Value:
        Fn::Sub:
          - |
                {
           "stfp": {
                       "private_key_passphrase": "${myPassphrase}"
                       }
                      }
          - myPassphrase: !ImportValue '{{resolve:secretsmanager:my_sftp_passphrase:SecretString:my_sftp_passphrase}}'

"importing" in cloudformation means a very specific thing, namely importing an output/export from another stack. If you're not dong that - and you're not - then don't use `ImportValue`. So in your case just remove `!ImportValue` and it should work. — 404, May 06 '21 at 13:29

score 0 · Answer 1 · answered Oct 25 '21 at 13:45

Just remove !ImportValue.

This will work:

Config:
Type: AWS::SSM::Parameter
Properties:
  Name: !Sub /${Environment}/projectConfig/foo
  Type: String
  Value:
    Fn::Sub:
      - |
            {
       "stfp": {
                   "private_key_passphrase": "${myPassphrase}"
                   }
                  }
      - myPassphrase: '{{resolve:secretsmanager:my_sftp_passphrase:SecretString:my_sftp_passphrase}}'

Import secret manager passphrase to intrinsic function Fn::Sub:

1 Answers1