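Create IAM resources using CloudFormation
| Redis Cloud |
|---|
The following link uses AWS CloudFormation to create a stack using the AWS console:
You can then use the Outputs tab to find the data needed to complete the creation of a Cloud Account. For the accessSecretKey (the user's access key) and the consolePassword (the user's console password), you must follow the links to the AWS Secrets Manager service and use that service to find the secret values. These values are secrets, so CloudFormation does not display them directly.
If you prefer, you can use the AWS command-line interface (CLI):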
export AWS_PROFILE=YOUR_PROFILE_HERE
aws cloudformation create-stack --stack-name RedisCloud --template-url \
https://s3.amazonaws.com/iam-resource-automation-do-not-delete/RedisCloud.yaml \
--capabilities CAPABILITY_AUTO_EXPAND CAPABILITY_NAMED_IAM CAPABILITY_IAM
Update the value of AWS_PROFILE with your profile credentials.
Additional options are described in the AWS CLI docs.
You can track the status of the CloudFormation stack with the following command:
aws cloudformation describe-stacks --stack-name RedisCloud
The data needed to complete the creation of a Cloud Account is shown as Output Key and Output Value pairs.
For the two secrets (accessSecretKey and consolePassword) you'll need to use the AWS secretsmanager CLI. The value you'll need has a key of SecretString:
aws secretsmanager get-secret-value --secret-id=/redislabsuser/secret_access_key
We recommend using YAML output for the consolePassword, as it makes decoding the required value easier.
aws secretsmanager get-secret-value --secret-id=/redislabsuser/password --output yaml
The consolePassword is a JSON object containing a single member whose key is password and whose value is the password. This can be a bit complex to parse out. Here's an example output:
user@example-computer ~ % aws secretsmanager get-secret-value --secret-id=/redislabsuser/password --output yaml
ARN: arn:aws:secretsmanager:middle-earth-1:913769183952:secret:/redislabsuser/password-qaEMYs
CreatedDate: '2021-06-16T06:27:53.402000-06:00'
Name: /redislabsuser/password
SecretString: '{"password":"S3cr3tP@$$w0rd"}'
VersionId: 00000000-0000-0000-0000-000000000000
VersionStages:
- AWSCURRENT
The JSON object is the value of the SecretString key without the surrounding single quotes, that is, {"password":"S3cr3tP@$$w0rd"}.
The password is the value associated with the password key, without the double quotes: S3cr3tP@$$w0rd.
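The decoding steps above can be scripted. The following is an added example, not part of the original page or of Redis tooling: it parses the JSON form of the get-secret-value response (`--output json`) and unwraps the nested password object. The function names and sample responses are constructed for illustration, and storing the access key as a plain string is an assumption.

```python
import json
import subprocess

# Constructed sample responses in the shape of
# `aws secretsmanager get-secret-value --output json`.
SAMPLE_PASSWORD_RESPONSE = json.dumps({
    "Name": "/redislabsuser/password",
    "SecretString": json.dumps({"password": "S3cr3tP@$$w0rd"}),
})
# Assumption: the access key secret is stored as a plain string.
SAMPLE_ACCESS_KEY_RESPONSE = json.dumps({
    "Name": "/redislabsuser/secret_access_key",
    "SecretString": "EXAMPLE-constructed-secret-access-key",
})


def extract_secret(response_text, member=None):
    """Return the secret held in a get-secret-value JSON response.

    member=None: SecretString is the secret itself.
    member="password": SecretString is a JSON object with that one member.
    Error messages never echo the secret value.
    """
    secret_string = json.loads(response_text).get("SecretString")
    if not isinstance(secret_string, str):
        raise ValueError("response has no SecretString")
    if member is None:
        return secret_string
    try:
        inner = json.loads(secret_string)
    except json.JSONDecodeError:
        raise ValueError("SecretString is not JSON") from None
    if not isinstance(inner, dict) or list(inner) != [member]:
        raise ValueError(f"expected one JSON member named {member!r}")
    if not isinstance(inner[member], str):
        raise ValueError(f"member {member!r} is not a string")
    return inner[member]


def fetch_secret(secret_id, member=None):
    """Run the AWS CLI (needs credentials, e.g. AWS_PROFILE) and parse its output."""
    result = subprocess.run(
        ["aws", "secretsmanager", "get-secret-value",
         "--secret-id", secret_id, "--output", "json"],
        check=True, capture_output=True, text=True)
    return extract_secret(result.stdout, member)


if __name__ == "__main__":
    print(extract_secret(SAMPLE_PASSWORD_RESPONSE, "password"))
```

Handling the value in-process also avoids pasting it through a shell, where a password such as the sample would have its `$$` expanded inside double quotes.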