-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(aws-codepipeline-actions): use SecretValue #3097
Conversation
cdk.SecretValue has replaced cdk.SecretParameter but the README was outdated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👋 hi man!
@@ -56,7 +56,7 @@ To use GitHub as the source of a CodePipeline: | |||
|
|||
```typescript | |||
// Read the secret from ParameterStore | |||
const token = new cdk.SecretParameter(this, 'GitHubToken', { ssmParameter: 'my-github-token' }); | |||
const token = cdk.SecretValue.ssmSecure('my-github-token','1'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Unfortunately, we have a problem here. CodePipeline does not accept SSM Secure parameters (only Plain Text ones), and trying to deploy with it results in an error like:
❌ Pipeline failed: ValidationError: SSM Secure reference is not supported in:
[AWS::CodePipeline::Pipeline/Properties/Stages,AWS::CodePipeline::Webhook/Properties/AuthenticationConfiguration/SecretToken]
We need to change this example to use cdk.SecretValue.secretsManager()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PR: #3113
cdk.SecretValue has replaced cdk.SecretParameter but the README was
outdated.
Please read the contribution guidelines and follow the pull-request checklist.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license