Below is a portion of my CloudFormation template for an ECS task. It fetches a secret /rds/rds_secret-D2fBVv which contains a JSON key-value pair secret like {"password":"1234ABCD","dbname":"my_db"}.
...
TaskDefinitionAPI:
  Type: AWS::ECS::TaskDefinition
  Properties:
    ContainerDefinitions:
      - Name: api
        Secrets:
          - Name: "DB_PASSWORD"
            ValueFrom: "arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
as per this documentation here.
However, when creating the stack, I get the following error:
ResourceInitializationError: unable to pull secrets or registry auth: Execution resource retrieval failed: unable to retrieve secret from asm: service call has been retried 1 time(s): secrets manager: failed to retrieve secret from arn:aws:secretsmanager:::secret:/rds/rds_secret-D2fBVv:SecretString:password: unexpected ARN format with parameters when trying to retrieve ASM secret
I suspect it is because I have a JSON key-value pair as the secret. I have tried many modifications to this, but CloudFormation still complains.
According to this doc, the format should be:
"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:appauthexample-AbCdEf:username1::"
But you have:
"arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:SecretString:password"
That should be:
arn:aws:secretsmanager:<region>:<accountid>:secret:/rds/rds_secret-D2fBVv:password::
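Added example, not part of the original question or answer: a small pre-deploy check that parses each `ValueFrom` string as `secret-arn:json-key:version-stage:version-id` and reports entries that do not fit, such as the one in the question. The function names, the `us-east-1` region and the `111122223333` account id are assumptions made for the sample, and every entry is assumed to reference Secrets Manager.

```python
# Added example: lint ECS "ValueFrom" strings that point at Secrets Manager.
# Expected shape: a plain secret ARN, or that ARN followed by exactly three
# extra fields -> :json-key:version-stage:version-id (empty fields allowed).
EXTRA_FIELDS = ("json_key", "version_stage", "version_id")


def parse_value_from(value_from):
    """Split a valueFrom string into its parts or raise ValueError."""
    parts = value_from.split(":")
    if (len(parts) < 7 or parts[0] != "arn" or parts[2] != "secretsmanager"
            or parts[5] != "secret" or not parts[6]):
        raise ValueError("not a Secrets Manager secret ARN")
    extras = parts[7:]
    if extras and len(extras) != 3:
        hint = ""
        if "SecretString" in extras:
            hint = ("; 'SecretString' is part of CloudFormation "
                    "{{resolve:secretsmanager:...}} references, not of valueFrom")
        raise ValueError(
            f"expected 3 fields after the secret name, got {len(extras)}{hint}")
    parsed = {"secret_arn": ":".join(parts[:7])}
    for name, value in zip(EXTRA_FIELDS, extras or ("", "", "")):
        parsed[name] = value or None  # empty field means "not specified"
    return parsed


def lint_secrets(secrets):
    """Return (Name, error) for every entry whose ValueFrom is malformed."""
    findings = []
    for entry in secrets:
        try:
            parse_value_from(entry["ValueFrom"])
        except ValueError as exc:
            findings.append((entry["Name"], str(exc)))
    return findings


# Constructed sample: region and account id are placeholders.
PREFIX = "arn:aws:secretsmanager:us-east-1:111122223333:secret:/rds/rds_secret-D2fBVv"
SAMPLE = [
    {"Name": "DB_PASSWORD", "ValueFrom": PREFIX + ":SecretString:password"},
    {"Name": "DB_PASSWORD_FIXED", "ValueFrom": PREFIX + ":password::"},
    {"Name": "DB_WHOLE_SECRET", "ValueFrom": PREFIX},
]

if __name__ == "__main__":
    for name, error in lint_secrets(SAMPLE):
        print(f"{name}: {error}")
```

Run against the `Secrets` lists extracted from a template before deployment, it flags only the first sample entry, so the error surfaces at lint time instead of at task start.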