How to reuse existing resources with cloudformation yaml?

0

I want to make a secret in Secrets Manager by using CloudFormation. Since I want to add the secret value manually and keep the value every time I run the CloudFormation, I specified the "Retain" policy as follows.

    SecretsManagerMyApiKey:
      Type: AWS::SecretsManager::Secret
      DeletionPolicy: Retain
      Properties:
        Name: my-api-key

However, if I delete the stack once and run the CloudFormation again, I get the following error.

    The operation failed because the secret my-api-key already exists.

How can I avoid this behavior and reuse the existing secret key?

I know that I can reuse existing resources as follows with CDK Python. What I need is a way to do the same thing with YAML. Please let me know.

    from aws_cdk import aws_ec2 as ec2  # import added for completeness (CDK v2 module path)

    # Look up an existing security group by ID instead of creating a new one.
    sg = ec2.SecurityGroup.from_security_group_id(
        self, "SG",
        security_group_id=sgid,
        mutable=False
    )

nemy
asked 2 years ago, 764 views
1 Answer
0

Hi, @nemy.

How would you like to use existing secrets?

If you want to refer to another resource, use the resource's ARN or ID.
When referencing resources in CloudFormation, the values are simply obtained and used according to the specification of each resource.
For example, AWS::SecretsManager::Secret returns the ARN via "Ref".

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html#aws-resource-secretsmanager-secret-return-values

By using a custom function, I think it is possible to create something that obtains an ARN string from a resource name that is not managed by the stack.

If you want to manage it as a CloudFormation stack, consider incorporating existing resources into the CloudFormation stack by referring to the following.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import.html

EXPERT
iwasa
answered 2 years ago
  • Thank you for the answer.

    How can I define a resource in the template by using the ARN of an existing resource? What I want to do is something like below.

        MyBucket: "ARN of the existing bucket"

        MyPipeline:
          Type: AWS::CodePipeline::Pipeline
          Properties:
            RoleArn: !GetAtt CodePipelineRole.Arn
            Name: my-pipeline
            ArtifactStore:
              Type: S3
              Location: !Ref MyBucket

    If I simply write the ARN instead of "!Ref MyBucket", I get the following error.

        1 validation error detected: Value at 'pipeline.artifactStore.location' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z0-9-.]+ (Service: AWSCodePipeline; Status Code: 400; Error Code: ValidationException;
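One way to express "reuse what already exists" in plain CloudFormation YAML, as an added example that is not part of the thread: the existing bucket name and the existing secret ARN come in as Parameters, a Condition skips creating the secret when an ARN was supplied, and the IAM policy is scoped to exactly those two resources. The names ArtifactBucketName, ExistingSecretArn, CreateSecret and PipelineRole are assumptions, and the pipeline resource itself is left out; note that CodePipeline's ArtifactStore Location takes a bucket name, which is why the validation error above rejects an ARN.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Reuse an existing S3 bucket and Secrets Manager secret (added example)

Parameters:
  ArtifactBucketName:
    Type: String
    Description: Name (not ARN) of the existing bucket; ArtifactStore.Location takes a bucket name
  ExistingSecretArn:
    Type: String
    Default: ""
    Description: ARN of an already-created secret; leave empty on first deployment to create one

Conditions:
  # Create the secret only when no ARN was supplied, so redeploying after
  # "DeletionPolicy: Retain" does not fail with "secret already exists".
  CreateSecret: !Equals [!Ref ExistingSecretArn, ""]

Resources:
  SecretsManagerMyApiKey:
    Type: AWS::SecretsManager::Secret
    Condition: CreateSecret
    DeletionPolicy: Retain
    UpdateReplacePolicy: Retain
    Properties:
      Name: my-api-key

  PipelineRole:   # assumed name; the pipeline resource that uses it is omitted here
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: codepipeline.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: access-to-existing-resources
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Scope to the one bucket passed in, built from its name rather than a wildcard.
              - Effect: Allow
                Action: [s3:GetObject, s3:PutObject]
                Resource: !Sub "arn:${AWS::Partition}:s3:::${ArtifactBucketName}/*"
              # Read only the secret in use, whether the stack created it or it already existed.
              - Effect: Allow
                Action: secretsmanager:GetSecretValue
                Resource: !If [CreateSecret, !Ref SecretsManagerMyApiKey, !Ref ExistingSecretArn]
```

On the first deployment leave ExistingSecretArn empty; after deleting the stack, pass the retained secret's ARN on the next deployment and the template neither recreates it nor fails.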
