- Newest
- Most votes
- Most comments
Hi,
You have the whole guidance to create such a VPC endpoint for Secrets Manager here: https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html
Then you have a detailled example in https://repost.aws/knowledge-center/lambda-secret-vpc See in particular the resource EC2VPCEndpoint , which gives you the full definition of the endpoint
EC2VPCEndpoint:
Type: "AWS::EC2::VPCEndpoint"
Properties:
VpcEndpointType: "Interface"
VpcId: !GetAtt EC2Subnet.VpcId
ServiceName: !Sub "com.amazonaws.${AWS::Region}.secretsmanager"
PolicyDocument: |
{
"Statement": [
{
"Action": "*",
"Effect": "Allow",
"Principal": "*",
"Resource": "*"
}
]
}
SubnetIds:
- !Ref EC2Subnet
PrivateDnsEnabled: true
SecurityGroupIds:
- !Ref EC2SecurityGroup
BTW, as done above, I strongly recommend to use CloudFormation for such advanced constructs: you can put all resource definitions (Lambda, endpoint, secret, IAM policies, etc. ) in one single YAML file and check his coherency via cfn-lint. That is my personal only way to implement similar use cases: it dramatically raises your efficiency.
Best
Didier
You also can use an existing pattern (CDK, easier than cloud formation) in ServerlessLand: https://serverlessland.com/patterns/lambda-secretsmanager-dotnet-cdk
Relevant content
- asked 6 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago