New in version 2.8.
The below requirements are needed on the local master node that executes this lookup.
Parameter | Choices/Defaults | Configuration | Comments |
---|---|---|---|
_terms (required) | | | Name of the secret to look up in AWS Secrets Manager. |
aws_access_key (string) | | env:EC2_ACCESS_KEY, env:AWS_ACCESS_KEY, env:AWS_ACCESS_KEY_ID | The AWS access key to use. aliases: aws_access_key_id |
aws_profile (string) | | env:AWS_DEFAULT_PROFILE, env:AWS_PROFILE | The AWS profile. aliases: boto_profile |
aws_secret_key (string) | | env:EC2_SECRET_KEY, env:AWS_SECRET_KEY, env:AWS_SECRET_ACCESS_KEY | The AWS secret key that corresponds to the access key. aliases: aws_secret_access_key |
aws_security_token (string) | | env:EC2_SECURITY_TOKEN, env:AWS_SESSION_TOKEN, env:AWS_SECURITY_TOKEN | The AWS security token if using temporary access and secret keys. |
join (boolean) | Default: "no" | | Join two or more entries to form an extended secret. This is useful for overcoming the 4096 character limit imposed by AWS. |
region (string) | | env:EC2_REGION, env:AWS_REGION | The region for which to create the connection. |
version_id | | | Version of the secret(s). |
version_stage | | | Stage of the secret version. |
```yaml
- name: Create RDS instance with aws_secret lookup for password param
  rds:
    command: create
    instance_name: app-db
    db_engine: MySQL
    size: 10
    instance_type: db.m1.small
    username: dbadmin
    password: "{{ lookup('aws_secret', 'DbSecret') }}"
    tags:
      Environment: staging
```
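
The following tasks are an added example, not part of the original documentation, showing the `join`, `version_stage` and `region` options from the parameter table. The secret names, region and destination path are assumptions; `AWSPREVIOUS` is the staging label Secrets Manager attaches to the prior version of a secret.

```yaml
# Added example; secret names, region and file path are hypothetical.
- name: Write a private key that is stored across two secrets
  copy:
    # With join=true the values of both secrets are concatenated, in the
    # order given, into a single string.
    content: "{{ lookup('aws_secret', 'tls-key-part1', 'tls-key-part2', join=true, region='us-east-1') }}"
    dest: /etc/ssl/private/app.key
    owner: root
    group: root
    mode: "0600"
  no_log: true  # keep the secret value out of task output and logs

- name: Read the previous version of a secret for a rotation rollback
  set_fact:
    db_password_previous: "{{ lookup('aws_secret', 'DbSecret', version_stage='AWSPREVIOUS', region='us-east-1') }}"
  no_log: true
```

The lookup runs on the control node, so the credentials it uses need `secretsmanager:GetSecretValue` on the named secrets only; managed hosts need no AWS access for this.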
Common return values are documented here; the following are the fields unique to this lookup:
Key | Returned | Description |
---|---|---|
_raw | | Returns the value of the secret stored in AWS Secrets Manager. |