Skip to content

EWS-Network/aws_cfn_custom_resource_resolve_parser

Repository files navigation

AWS CFN Custom resource Resolve parser

Documentation Status

Small lib to parse and retrieve secret from AWS Secrets manager using the CFN resolve format string

Intent

Currently in AWS CloudFormation, using {{resolve}} does not work for custom resources. Pending the feature being released, when the use of private resource types is not possible for the use-case, this small lib aims to allow parsing secrets so that you can today write your CFN templates with resolve.

Requirements

Sadly, this means the lambda function using this library will still need IAM access directly, and cannot use the role used by CloudFormation on create/update currently.

Usage

from aws_cfn_custom_resource_resolve_parser import handle
secret_string = r"{{resolve:secretsmanager:mysecret:SecretString:password}}"
secret_value = handle(secret_string)

Credits

This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.