AWS: Assign tag to secret using variable

Question

I want to assign variable's value to the secret. I tried this. aws secretsmanager tag-resource --secret-id blah-blah --tags '[{"Key": "abc", "Value": "{$a}"}]'

I'm getting this error: An error occurred (InvalidRequestException) when calling the TagResource operation: Request rejected by the downstream tagging service. Please check that you're only using allowed characters.

Any help with this???

score 0 · Accepted Answer · answered Sep 14 '21 at 06:36

0

You are using wrong characters and quotes. It should be:

aws secretsmanager tag-resource --secret-id blah-blah --tags '[{"Key": "abc", "Value": "'${a}'"}]'

answered Sep 14 '21 at 06:36

Marcin

215,873
14
235
294

score 0 · Answer 2 · answered Mar 14 '23 at 13:09

I had a similar issue and this was the only exact hit on Google. For future seekers this error indictes an error on the tags, not the secrets. It kind of say in the error message, but still took me some time to figure out.

We missed a !sub for substitution on the tags on the bottom line when trying to define this in SAM:

  Auth0TokenSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: 'auth0/aws-client-secret'
      Description: 'Auth0 token'
      SecretString: !Ref Auth0Token
      Tags:
        - Key: AppName
          Value: ${AWS::StackName}

AWS: Assign tag to secret using variable

2 Answers2