I'm doing a personal project and trying not to hard-code a database password into a CloudFormation template.
This is what I have so far:
```yaml
RDSPassword:
  Type: AWS::SecretsManager::Secret
  Properties:
    Description: Password for RDS Database
    GenerateSecretString:
      PasswordLength: 10
    Name: RDSPassword
DBSubnetGroup:
  Type: AWS::RDS::DBSubnetGroup
  Properties:
    DBSubnetGroupDescription: Subnet group for RDS
    DBSubnetGroupName: RDSSubnetGroup
    SubnetIds:
      - !GetAtt PrivateSubnet1.SubnetId
      - !GetAtt PrivateSubnet2.SubnetId
RDSDatabase:
  Type: AWS::RDS::DBInstance
  Properties:
    AllocatedStorage: 5
    AvailabilityZone: eu-west-2a
    DBInstanceClass: db.t2.micro
    DBName: KenobiMySQLDB
    DBSubnetGroupName: !Ref DBSubnetGroup
    Engine: MySQL
    MasterUsername: admin
    MasterUserPassword: WHAT GOES HERE??
    VPCSecurityGroups:
      - !GetAtt RDSSecurityGroup.GroupId
```
In "WHAT GOES HERE" I've tried:
You should use MasterUserSecret:
```yaml
RDSDatabase:
  Type: AWS::RDS::DBInstance
  Properties:
    AllocatedStorage: 5
    AvailabilityZone: eu-west-2a
    DBInstanceClass: db.t2.micro
    DBName: KenobiMySQLDB
    DBSubnetGroupName: !Ref DBSubnetGroup
    Engine: MySQL
    MasterUsername: admin
    MasterUserSecret:
      KmsKeyId: ...
      SecretArn: ...
    VPCSecurityGroups:
      - !GetAtt RDSSecurityGroup.GroupId
```
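
An added example, not part of the question or the answer above: another way to keep the password out of the template is a Secrets Manager dynamic reference in `MasterUserPassword`, which CloudFormation resolves at deploy time. The fragment assumes the `DBSubnetGroup` and `RDSSecurityGroup` resources from the question's template; the JSON secret layout, the longer password length, and the `RDSSecretAttachment` logical name are choices made for this example.

```yaml
# Added example: fragment for the question's template (not the poster's code).
# Assumes DBSubnetGroup and RDSSecurityGroup are defined as in the question.
Resources:
  RDSPassword:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: RDSPassword
      Description: Credentials for RDS Database
      GenerateSecretString:
        # Store the username and the generated password together as JSON
        SecretStringTemplate: '{"username": "admin"}'
        GenerateStringKey: password
        # Example choice: longer than the question's 10 characters
        PasswordLength: 32
        # RDS does not accept '/', '@' or '"' in the master password
        ExcludeCharacters: '"@/\'

  RDSDatabase:
    Type: AWS::RDS::DBInstance
    Properties:
      # Sizing and placement values copied from the question
      AllocatedStorage: 5
      AvailabilityZone: eu-west-2a
      DBInstanceClass: db.t2.micro
      DBName: KenobiMySQLDB
      DBSubnetGroupName: !Ref DBSubnetGroup
      Engine: MySQL
      # !Ref on the secret yields its ARN; the reference is resolved by
      # CloudFormation at stack create/update, so the template and the
      # stack's resolved-template view never contain the plaintext value.
      MasterUsername: !Sub '{{resolve:secretsmanager:${RDSPassword}::username}}'
      MasterUserPassword: !Sub '{{resolve:secretsmanager:${RDSPassword}::password}}'
      VPCSecurityGroups:
        - !GetAtt RDSSecurityGroup.GroupId

  # Hypothetical logical name. Links the secret to the instance so the
  # secret also records the endpoint, port and engine (needed for rotation).
  RDSSecretAttachment:
    Type: AWS::SecretsManager::SecretTargetAttachment
    Properties:
      SecretId: !Ref RDSPassword
      TargetId: !Ref RDSDatabase
      TargetType: AWS::RDS::DBInstance
```

Access to the password is then governed by IAM permissions on `secretsmanager:GetSecretValue` for this secret, so the deploying role needs that permission and other principals should not have it.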