The Custom::ReadOnlySecret
reads a parameter value from the Parameter Store. The parameter must exist.
To declare this entity in your AWS CloudFormation template, use the following syntax:
Type : Custom:ReadOnlySecret
Properties:
Name: String
Region: region-name
ServiceToken: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:binxio-cfn-secret-provider'
You can specify the following properties:
Name
- the name of the parameter in the Parameter Store (required)Region
- of the parameter store, default AWS::RegionServiceToken
- ARN pointing to the lambda function implementing this resource
With 'Fn::GetAtt' the following values are available:
Secret
- th retrieved value.Arn
- the AWS Resource name of the parameter.Hash
- of the secret.Version
- of the value in the store.ParameterName
- name of the SSM parameter in which the secret is stored.