Access Secrets Manager through a VPC endpoint

0

I have my Lambda function in a private subnet of a VPC. I need to access Secrets Manager from my Lambda (Python) function. Can you please provide me with a guide on how to create a VPC endpoint for Secrets Manager and how to access the secrets in the Lambda function (Python)? Both the Lambda function and the Secrets Manager secret are in the same AWS account and the same region. Please also explain whether any other simple way exists to access secrets only through the private subnet.

2 answers
0

Hi,

You have the whole guidance for creating such a VPC endpoint for Secrets Manager here: https://docs.aws.amazon.com/secretsmanager/latest/userguide/vpc-endpoint-overview.html

Then you have a detailed example in https://repost.aws/knowledge-center/lambda-secret-vpc. See in particular the resource EC2VPCEndpoint, which gives you the full definition of the endpoint:

EC2VPCEndpoint:
    Type: "AWS::EC2::VPCEndpoint"
    Properties:
        VpcEndpointType: "Interface"
        VpcId: !GetAtt EC2Subnet.VpcId
        ServiceName: !Sub "com.amazonaws.${AWS::Region}.secretsmanager"
        # Endpoint policy: this example lets every principal call every action
        # through the endpoint; it controls what may pass through the endpoint,
        # not who may read a given secret (that is the IAM/secret policy's job)
        PolicyDocument: |
            {
              "Statement": [
                {
                  "Action": "*",
                  "Effect": "Allow",
                  "Principal": "*",
                  "Resource": "*"
                }
              ]
            }
        SubnetIds:
          - !Ref EC2Subnet
        # Makes secretsmanager.<region>.amazonaws.com resolve to the endpoint
        # inside the VPC, so the SDK needs no custom endpoint URL
        PrivateDnsEnabled: true
        # This security group must allow inbound TCP 443 from the Lambda
        # function's security group
        SecurityGroupIds:
          - !Ref EC2SecurityGroup

BTW, as done above, I strongly recommend using CloudFormation for such advanced constructs: you can put all resource definitions (Lambda, endpoint, secret, IAM policies, etc.) in one single YAML file and check its coherency via cfn-lint. That is my personal only way to implement similar use cases: it dramatically raises your efficiency.

Best

Didier

AWS Expert
Answered 6 months ago
Reviewed by Kallu (Expert) 6 months ago
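The answer above covers the endpoint; the Lambda side of the question (reading the secret from Python) is not shown in the thread. The following is an added example, not code from the question, the answer or the linked article. It assumes the interface endpoint from the answer exists in the function's subnets with a security group that admits TCP 443 from the Lambda's security group, that the execution role is allowed secretsmanager:GetSecretValue on the secret, and that the secret name or ARN arrives in a SECRET_ID environment variable (the SECRETS_ENDPOINT_URL variable and the FakeSecretsManager stand-in are likewise my own constructions for the offline demo).

```python
"""Fetch a secret from AWS Secrets Manager in a Lambda running in a private subnet.

Added example for this thread, not code from the question or the answers.
Assumptions (mine, not stated on the page): the interface endpoint from the
answer above exists in the function's subnets, its security group allows
TCP 443 from the Lambda's security group, the execution role may call
secretsmanager:GetSecretValue on the secret, and SECRET_ID holds its name/ARN.
"""
import json
import os
import time

# With PrivateDnsEnabled: true, secretsmanager.<region>.amazonaws.com resolves to
# the endpoint's private IPs inside the VPC, so boto3 needs no endpoint_url.
# Only if private DNS is disabled must the endpoint-specific name be used, e.g.
# https://vpce-<id>-<hash>.secretsmanager.<region>.vpce.amazonaws.com
ENDPOINT_URL = os.environ.get("SECRETS_ENDPOINT_URL")  # optional; assumed variable name
CACHE_TTL_SECONDS = 300  # re-read the secret at most every 5 minutes per warm container

_client = None
_cache = {}  # secret_id -> (expiry timestamp, parsed value)


def get_client():
    """Build the boto3 client once per execution environment; warm starts reuse it."""
    global _client
    if _client is None:
        # Imported here so the parsing/caching helpers can run without boto3 installed.
        import boto3
        from botocore.config import Config

        # Short timeouts: a missing route, wrong security group or disabled private
        # DNS otherwise shows up as a hang until the Lambda timeout, not as an error.
        _client = boto3.client(
            "secretsmanager",
            endpoint_url=ENDPOINT_URL,
            config=Config(connect_timeout=3, read_timeout=5, retries={"max_attempts": 2}),
        )
    return _client


def parse_secret_response(response):
    """Turn a GetSecretValue response into a Python value.

    SecretString holds text, usually a JSON object of key/value pairs but
    possibly a bare string. SecretBinary is handed over by botocore as bytes
    (the base64 used on the wire has already been decoded).
    """
    if "SecretString" in response:
        text = response["SecretString"]
        try:
            return json.loads(text)
        except ValueError:
            return text
    return response["SecretBinary"]


def get_secret(secret_id, client=None, now=None):
    """Return the parsed secret, serving repeats from the in-memory cache.

    `client` and `now` are injectable so the logic can be exercised offline.
    """
    now = time.time() if now is None else now
    cached = _cache.get(secret_id)
    if cached is not None and cached[0] > now:
        return cached[1]
    client = client if client is not None else get_client()
    response = client.get_secret_value(SecretId=secret_id)
    value = parse_secret_response(response)
    _cache[secret_id] = (now + CACHE_TTL_SECONDS, value)
    return value


def lambda_handler(event, context):
    secret = get_secret(os.environ["SECRET_ID"])
    # Use the secret (open a DB connection, call an API, ...) but never return or log it.
    username = secret.get("username") if isinstance(secret, dict) else None
    return {"statusCode": 200, "body": json.dumps({"db_user": username})}


class FakeSecretsManager:
    """Constructed stand-in for the boto3 client, used only for the offline demo."""

    def __init__(self, response):
        self.response = response
        self.calls = 0

    def get_secret_value(self, SecretId):
        self.calls += 1
        return dict(self.response)


if __name__ == "__main__":
    fake = FakeSecretsManager({"SecretString": '{"username": "app", "password": "not-real"}'})
    first = get_secret("demo/db", client=fake, now=1000)
    get_secret("demo/db", client=fake, now=1100)  # served from cache
    get_secret("demo/db", client=fake, now=1400)  # TTL expired, fetched again
    print(first["username"], "calls:", fake.calls)  # app calls: 2
```

If the function hangs on the first call and then times out, the endpoint is not reachable: check that the Lambda's subnets are the endpoint's subnets (or route to them), that the endpoint security group allows 443 from the function's security group, and that private DNS is enabled or SECRETS_ENDPOINT_URL is set. The cache keeps a warm container from hitting the endpoint on every invocation; the TTL bounds how long a rotated value stays stale.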
0

You also can use an existing pattern (CDK, easier than CloudFormation) in ServerlessLand: https://serverlessland.com/patterns/lambda-secretsmanager-dotnet-cdk

Expert
Answered 6 months ago
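The endpoint policy in the first answer allows any principal to call any Secrets Manager action through the endpoint, and nothing in the thread answers the last part of the question (allowing the secret to be read only from the private subnet). The following CloudFormation fragment is an added example, mine rather than either answerer's or the linked article's, that does both: the endpoint policy permits only GetSecretValue on one secret by principals of this account, and a resource policy on the secret denies GetSecretValue unless the call arrived through that endpoint. It assumes the EC2Subnet and EC2SecurityGroup resources from the first answer; the MySecret and MySecretVpcOnlyPolicy resource names and the secret name are my own choices.

```yaml
# Added example, not part of the original answers. Assumes the EC2Subnet and
# EC2SecurityGroup resources from the first answer exist in the same template.
Resources:
  MySecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: prod/app/db
      GenerateSecretString:
        SecretStringTemplate: '{"username": "app"}'
        GenerateStringKey: password
        ExcludeCharacters: '"@/\'

  EC2VPCEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface
      VpcId: !GetAtt EC2Subnet.VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.secretsmanager
      PrivateDnsEnabled: true
      SubnetIds:
        - !Ref EC2Subnet
      SecurityGroupIds:
        - !Ref EC2SecurityGroup
      # Endpoint policy: instead of Action "*" / Principal "*", only principals
      # of this account may read this one secret through the endpoint.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action: secretsmanager:GetSecretValue
            Resource: !Ref MySecret
            Condition:
              StringEquals:
                aws:PrincipalAccount: !Ref AWS::AccountId

  # Resource policy on the secret: reading the value is denied unless the
  # request came through this endpoint, i.e. from inside the VPC. Only
  # GetSecretValue is denied, so the secret can still be managed (described,
  # rotated, deleted) from the console or CLI outside the VPC.
  MySecretVpcOnlyPolicy:
    Type: AWS::SecretsManager::ResourcePolicy
    Properties:
      SecretId: !Ref MySecret
      BlockPublicPolicy: true
      ResourcePolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: DenyGetSecretValueOutsideVpcEndpoint
            Effect: Deny
            Principal: "*"
            Action: secretsmanager:GetSecretValue
            Resource: "*"
            Condition:
              StringNotEquals:
                aws:sourceVpce: !Ref EC2VPCEndpoint
```

Both policies are evaluated on every call, together with the Lambda execution role's identity policy, so the role still needs its own Allow for secretsmanager:GetSecretValue on the secret. Keep the Deny scoped to GetSecretValue as shown: a Deny on secretsmanager:* with the same condition would also block PutResourcePolicy from outside the VPC, which makes the lock-out hard to undo. Any rotation Lambda for this secret must likewise run inside the VPC, since it reads the value too.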
