I am using Python with CDK. I have one stack that creates a DynamoDB table with a random name in one account, and multiple stacks running in other accounts that need to get that randomly generated table name. Due to the limitation of SSM parameters not allowing cross-account access, I am using Secrets Manager instead.
Here is my code:

    secretsmanager.Secret(self, "cdk-generated-secret",
        secret_name="cdk-generated-secret-name",
        secret_string_value="{'db-name': str_table_name }"
    )
This is the error I am getting:

    type of argument secret_string_value must be one of (aws_cdk.SecretValue, NoneType); got str instead
This is a plain text string and doesn’t need to be encrypted. How to write such a key value string to the secret and then later read it? Is there a way to read the secret values without using the randomly generated suffix?
2 Answers
In the Secrets Manager API everything is encrypted; it does not support unencrypted data like SSM Param Store does.
AWS Support Article on sharing Secrets across accounts:
https://aws.amazon.com/premiumsupport/knowledge-center/secrets-manager-share-between-accounts/
Look closely at the costs, as Secrets Manager may not be what you want.
Use SecretValue.unsafe_plain_text to set a CDK Secret’s plaintext value. The table_name attribute will be resolved to the DynamoDB table’s actual name at deploy time. Key-value pairs can be set with the secret_object_value argument:

Note: Secrets Manager is a relatively expensive way to share non-secret config.
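
An added example, not code from either answer or from AWS: a producer stack that stores the table name with secret_object_value and grants named accounts read access, plus a consumer-side read that addresses the secret by its ARN without the random suffix. The stack id, construct ids, partition key, helper names and the way the boto3 client is passed in are assumptions.

```python
import json

SECRET_NAME = "cdk-generated-secret-name"  # name used in the question


def build_producer_stack(scope, consumer_accounts):
    """Stack in the owning account: table, customer managed key, shared secret."""
    # Imported lazily so the consumer helpers below work without aws-cdk-lib.
    from aws_cdk import SecretValue, Stack
    from aws_cdk import aws_dynamodb as ddb, aws_iam as iam
    from aws_cdk import aws_kms as kms, aws_secretsmanager as sm

    stack = Stack(scope, "ProducerStack")  # hypothetical stack id
    table = ddb.Table(
        stack, "Table",
        partition_key=ddb.Attribute(name="pk", type=ddb.AttributeType.STRING),
    )
    # Other accounts cannot decrypt with the default aws/secretsmanager key,
    # so the secret gets its own customer managed KMS key.
    key = kms.Key(stack, "SharedSecretKey")
    secret = sm.Secret(
        stack, "cdk-generated-secret",
        secret_name=SECRET_NAME,
        encryption_key=key,
        # unsafe_plain_text puts the value in the template in clear text,
        # which is acceptable here only because a table name is not a secret.
        secret_object_value={
            "db-name": SecretValue.unsafe_plain_text(table.table_name),
        },
    )
    for account_id in consumer_accounts:
        # Read access goes to each named account only, never to a wildcard.
        secret.grant_read(iam.AccountPrincipal(account_id))
    return stack


def partial_secret_arn(region, owner_account, name=SECRET_NAME):
    """ARN without the random six-character suffix Secrets Manager appends."""
    return f"arn:aws:secretsmanager:{region}:{owner_account}:secret:{name}"


def read_table_name(client, secret_id):
    """Fetch the secret and return the table name stored under 'db-name'.

    client: boto3.client("secretsmanager") or anything with get_secret_value.
    """
    response = client.get_secret_value(SecretId=secret_id)
    return json.loads(response["SecretString"])["db-name"]
```

AWS recommends the complete ARN where it is known; a partial ARN becomes ambiguous only when the secret name itself ends in a hyphen followed by six characters, which this name does not.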