By using AWS re:Post, you agree to the Terms of Use
/API call after stack deploy updates/

API call after stack deploy updates

0

Hi team,

I have a CDK stack stackA, that creates a CloudFront distribution, already deployed in the stage and prod environments.

I want to do an API call to secretsmanager.rotateSecret each time stackA is redeployed (updating the CF distribution).

the purpose of this API call (secretsmanager.rotateSecret) is to update a header value in CF distribution with a value of a secret stored in secretmanager.

I saw that I can use AwsCustomResource to do API calls, but the onCreate, onUpdate and onDelete properties represent the lifecycle events of the custom resource itself and are invoked when the custom resource itself is created, updated or deleted respectively.

The specific scenario that I would like to achieve is

  • cdk deploy stackA (for cloudFront distribution updates)
  • once the cloudFront stack finish updating ==> then call secretsmanager.rotateSecret operation (to update a header in the CF by a value of a key stored in secret manager)

is there a way to achieve this scenario?

appreciate your help.

1 Answers
0
Accepted Answer

used AwsCustomResource at the end of my CF stack

example code for secretManager Service

    const apiKeysRotationTrigger = new AwsCustomResource(
      this,
      "ident",
      {
        policy: AwsCustomResourcePolicy.fromSdkCalls({
          resources: AwsCustomResourcePolicy.ANY_RESOURCE,
        }),
        onCreate: {
          service: "SecretsManager",
          action: "rotateSecret",
          parameters: {
            SecretId: "SecretId",
          },
          physicalResourceId: PhysicalResourceId.of("PhysicalResourceId"),
        },
        onUpdate: {
          service: "SecretsManager",
          action: "rotateSecret",
          parameters: {
            SecretId: "SecretId",
          },
          physicalResourceId: PhysicalResourceId.of("PhysicalResourceId"),
        },
      }
    );
  }
answered 25 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions