Multiline String in SAM Config TOML Parameter

0

I have a TLS certificate and Key. It is PEM formatted. I am trying to import this certificate using SAM (subset of CloudFormation) into AWS Certificate Manager, referring to the link. In the link, the Certificate and CertificateKey parameters are provided directly in the template.yaml. However, I want to pass these values from the SAM Config TOML file. However, I am not sure how to pass a multiline string of a certificate via SAM Config TOML. Please help with some sample.

  • I also just wanted to check that the private key you had included in that repo that you have linked to is not a valid private key? Or if it is, I suggest you revoke it ASAP since it is now essentially in the public domain.

3 Answers
0
Accepted Answer

The best way is to use the multiline strings, """, around the outside of the parameter overrides. So for example:

parameter_overrides = [
"""Certificate="-----BEGIN CERTIFICATE-----
My-cert-content
-----END CERTIFICATE-----"""",
"""CertificatePrivateKey="-----BEGIN PRIVATE KEY-----
My-key-content
-----END PRIVATE KEY-----""""
]

Note you still need to escape newlines to prevent them being inserted into the multiline string if they cause problems.

EXPERT
answered 6 months ago
  • Thanks a lot @skinsman. Will test and confirm soon.

0

To provide multi-line strings in the TOML file I would expect (not tested) that you just need to use \n and escape them correctly in the strings within your TOML. However, whilst this might allow you to solve what you are trying to do, I would suggest it might be worth considering a different approach in this case, as the string you are trying to pass is a certificate and therefore could be considered "sensitive data", so providing it in "clear text" in the TOML might not be a good idea. May I suggest an alternative? Create a new Secret within AWS Secrets Manager and store the certificate in there. Then in your template you can refer to the Secret instead of using a multiline string like this.

AWS
danjhd
answered 6 months ago
  • Thanks a lot for the quick response. However, let me provide some more details. I already tried with "\n" to handle the new line of the certificate in the toml, but it didn't work. It will be great if you could please try it once and provide the sample.

    I agree that it is sensitive. But we put the SOPS encrypted (using KMS) certificate content in a yaml file and read it from there and want to import it into ACM using an automated mechanism like GitHub workflow. The person may not have access to Secret Manager to update it every time in case of a change. Hope it clarifies.

0

Multiline strings in TOML are similar to in Python: open with a triple double-quote """ and close with another; newlines inside will be kept. The initial new-line after the opening """ will be trimmed, or you can start the content immediately after it.

See the TOML spec for an example at https://toml.io/en/v1.0.0#string

AWS
EXPERT
James_S
answered 6 months ago
  • Thank you James. But I tried this and got an error. Can you please help me with the below samconfig.toml format?

    parameter_overrides = [
    "Certificate="""-----BEGIN CERTIFICATE----- My-cert-content -----END CERTIFICATE-----"""",
    "CertificatePrivateKey="""-----BEGIN PRIVATE KEY----- My-key-content -----END PRIVATE KEY-----"""" ]

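Added example, not part of any answer above and not AWS or SAM CLI code: it checks the two samconfig.toml forms from this thread at the TOML level and builds the accepted form from a PEM string. It assumes Python's tomllib as the parser (SAM CLI's own parser and its later handling of each Key="value" entry are not exercised); ACCEPTED, REJECTED, override_entry, parse_overrides and is_valid_toml are hypothetical names.

```python
try:
    import tomllib  # Python 3.11+, TOML 1.0 parser (assumption: not SAM CLI's parser)
except ModuleNotFoundError:
    import tomli as tomllib  # backport with the same API

# Constructed placeholder PEM, same shape as the one used in the answers.
PEM = "-----BEGIN CERTIFICATE-----\nMy-cert-content\n-----END CERTIFICATE-----"

# Form from the accepted answer: the whole Key="value" pair sits inside """ ... """.
ACCEPTED = '''parameter_overrides = [
"""Certificate="-----BEGIN CERTIFICATE-----
My-cert-content
-----END CERTIFICATE-----""""
]
'''

# Form from the follow-up comment: """ appears after a "..." string has already started.
REJECTED = '''parameter_overrides = [
"Certificate="""-----BEGIN CERTIFICATE----- My-cert-content -----END CERTIFICATE-----""""
]
'''


def override_entry(name: str, pem: str) -> str:
    """Render one parameter_overrides item as a TOML multiline basic string."""
    body = pem.strip().replace("\r\n", "\n")
    if '"' in body or "\\" in body:
        raise ValueError("unexpected quote or backslash in PEM text")
    return f'"""{name}="{body}""""'


def parse_overrides(toml_text: str) -> list[str]:
    """Return the parameter_overrides array exactly as the TOML parser sees it."""
    return tomllib.loads(toml_text)["parameter_overrides"]


def is_valid_toml(toml_text: str) -> bool:
    try:
        tomllib.loads(toml_text)
        return True
    except tomllib.TOMLDecodeError:
        return False


if __name__ == "__main__":
    print(parse_overrides(ACCEPTED)[0])  # newlines of the PEM are preserved
    print("comment form parses:", is_valid_toml(REJECTED))
    generated = "parameter_overrides = [\n" + override_entry("Certificate", PEM) + "\n]\n"
    print("generated matches accepted:", parse_overrides(generated) == parse_overrides(ACCEPTED))
```

The form in the comment fails because "Certificate=" is read as a complete single-line string, so the quotes that follow are no longer inside any string and the array is malformed.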