I am trying to create an RDS DB cluster for Postgres using a CloudFormation template.
I am getting this error which states: "Given input did not match expected format".
I am scratching my head and cannot figure out what's wrong with my CloudFormation template. Here's my template.
```yaml
MyDBCluster:
  Type: AWS::RDS::DBCluster
  Properties:
    AvailabilityZones:
      - !Sub "${AWS::Region}a"
      - !Sub "${AWS::Region}b"
      - !Sub "${AWS::Region}c"
    BackupRetentionPeriod: 7
    DatabaseName: "MyDB"
    DBClusterIdentifier: !Sub ${AWS::StackName}-db-cluster
    DBClusterParameterGroupName: "default.aurora-postgresql13"
    DBSubnetGroupName: !Ref MyDBSubnetGroup
    Engine: aurora-postgresql
    EngineVersion: '13.8'
    Port: 5432
    MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref MyDBMasterSecret, ':secretString:username}}']]
    MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref MyDBMasterSecret, ':secretString:password}}']]
    PreferredBackupWindow: '10:21-10:51'
    PreferredMaintenanceWindow: 'thu:03:03-thu:03:33'
    VpcSecurityGroupIds:
      - !Ref MyDBSecurityGroup
    StorageEncrypted: true
    KmsKeyId: !Ref MyDBKmsKey
    EnableIAMDatabaseAuthentication: false
    EngineMode: 'provisioned'
    DeletionProtection: true
    EnableHttpEndpoint: false
    ScalingConfiguration:
      AutoPause: true
      MinCapacity: 2
      MaxCapacity: 8
      SecondsUntilAutoPause: 900
```
Any help would be greatly appreciated.
The solution. When you use a dynamic reference to retrieve secrets from Secrets Manager in CloudFormation, you must use this pattern:
{{resolve:secretsmanager:secret-id:SecretString:json-key:version-stage:version-id}}
You need to take into account that it is case sensitive. That's why changing secureString to SecureString resolved the issue.
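A pre-deployment check for the case-sensitivity issue described in the answer, added here as an example and not code from the original post: it scans template text for Secrets Manager dynamic references and reports any whose secret-string segment is not spelled exactly `SecretString`, including references assembled with `!Join` as in the question. The function name, the `ApiKey` and `Plain` properties, and the ARN in the sample are constructed for illustration.

```python
import re

# The secret-string segment in any letter case, bounded by ':' before it and
# ':' or '}}' after it.
SEGMENT = re.compile(r":(secretstring)(?=:|\}\})", re.IGNORECASE)
MARKER = "resolve:secretsmanager:"

# Constructed sample: line 1 repeats the question's casing, line 2 is correct,
# line 3 uses an ARN secret-id (made-up account and name), line 4 has no segment.
SAMPLE = """\
MasterUsername: !Join ['', ['{{resolve:secretsmanager:', !Ref MyDBMasterSecret, ':secretString:username}}']]
MasterUserPassword: !Join ['', ['{{resolve:secretsmanager:', !Ref MyDBMasterSecret, ':SecretString:password}}']]
ApiKey: '{{resolve:secretsmanager:arn:aws:secretsmanager:us-east-1:111122223333:secret:demo-AbCdEf:SECRETSTRING:key}}'
Plain: '{{resolve:secretsmanager:demo}}'
"""


def find_miscased_references(template_text):
    """Return (line_number, found_token) for each Secrets Manager dynamic
    reference whose secret-string segment is not exactly 'SecretString'."""
    findings = []
    for lineno, line in enumerate(template_text.splitlines(), start=1):
        if MARKER not in line:
            continue
        # Inspect only the text after the marker. This treats a single-string
        # reference, an ARN secret-id (which has its own colons) and a !Join
        # split across list items the same way.
        tail = line.split(MARKER, 1)[1]
        for match in SEGMENT.finditer(tail):
            if match.group(1) != "SecretString":
                findings.append((lineno, match.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, token in find_miscased_references(SAMPLE):
        print(f"line {lineno}: found '{token}', expected 'SecretString'")
```

The check works on raw template text, so it can run before `aws cloudformation deploy` without a YAML parser that understands the `!Join` and `!Ref` tags.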