From 9c1cc765df7b9a3420ab55957eb0a6910de08097 Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Mon, 17 Mar 2025 14:52:34 +0000 Subject: [PATCH 1/3] doc: Update README with details on AWS Secrets Manager profile naming for CloudFormation --- examples/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/examples/README.md b/examples/README.md index 82c8f4e9c..e7b33c4f5 100644 --- a/examples/README.md +++ b/examples/README.md @@ -13,6 +13,8 @@ You must [configure API keys](https://www.mongodb.com/docs/atlas/configure-api-a ### CloudFormation Profile You should create a profile in the AWS Secrets Manager that contains the MongoDB Atlas Programmatic API Key. +The secret must be named `cfn/atlas/profile/{ProfileName}` and exist in the same AWS account and AWS region where the Cloudformation stack is run. + Use [this template](profile-secret.yaml) to create a [new CloudFormation stack](https://console.aws.amazon.com/cloudformation/home#/stacks/create) for the default profile that all resources attempt to use unless you specify a different profile. ### Configure the IAM Execution Role From b1db69342532377a73dac2357c9a6bc667a5ee33 Mon Sep 17 00:00:00 2001 From: Espen Albert Date: Mon, 17 Mar 2025 14:55:22 +0000 Subject: [PATCH 2/3] doc: Clarify requirement for secret existence in the same AWS account and region for CloudFormation --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8baef4dea..07f800b36 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ SecretValue: {"PublicKey": "YourPublicKey", "PrivateKey": "YourPrivateKey"} ``` To create a new secret for a default profile, use the [PROFILE SECRET TEMPLATE](/examples/profile-secret.yaml) file provided in this repository. +The secret must exist in the same AWS account and AWS region where the Cloudformation stack is run. Here are some examples of how to use this template: From caf034fc7c5f64cf9c6d875c1cc07b5c4763e425 Mon Sep 17 00:00:00 2001 
From: Espen Albert Date: Mon, 17 Mar 2025 16:59:51 +0000 Subject: [PATCH 3/3] chore: fix lint errors --- .../cloud-backup-snapshot-export-bucket/resource-role.yaml | 1 - cfn-resources/custom-db-role/resource-role.yaml | 5 ----- cfn-resources/global-cluster-config/resource-role.yaml | 1 - 3 files changed, 7 deletions(-) diff --git a/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml b/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml index c3d55cc70..206e0482b 100644 --- a/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml +++ b/cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml @@ -24,7 +24,6 @@ Resources: - Effect: Allow Action: - "secretsmanager:CreateSecret" - - "secretsmanager:CreateSecretInput" - "secretsmanager:DescribeSecret" - "secretsmanager:GetSecretValue" - "secretsmanager:PutSecretValue" diff --git a/cfn-resources/custom-db-role/resource-role.yaml b/cfn-resources/custom-db-role/resource-role.yaml index 792fd2348..825f3a025 100644 --- a/cfn-resources/custom-db-role/resource-role.yaml +++ b/cfn-resources/custom-db-role/resource-role.yaml @@ -30,11 +30,6 @@ Resources: Statement: - Effect: Allow Action: - - "initech:CreateReport" - - "initech:DeleteReport" - - "initech:DescribeReport" - - "initech:ListReports" - - "initech:UpdateReport" - "secretsmanager:GetSecretValue" Resource: "*" Outputs: diff --git a/cfn-resources/global-cluster-config/resource-role.yaml b/cfn-resources/global-cluster-config/resource-role.yaml index c3d55cc70..206e0482b 100644 --- a/cfn-resources/global-cluster-config/resource-role.yaml +++ b/cfn-resources/global-cluster-config/resource-role.yaml @@ -24,7 +24,6 @@ Resources: - Effect: Allow Action: - "secretsmanager:CreateSecret" - - "secretsmanager:CreateSecretInput" - "secretsmanager:DescribeSecret" - "secretsmanager:GetSecretValue" - "secretsmanager:PutSecretValue"
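Review bot: In the examples/README.md hunk of PATCH 1/3, the added sentence introduces the placeholder `{ProfileName}` without saying where that value comes from, and the next paragraph refers to "the default profile" without giving the secret name that profile resolves to. Suggest stating the concrete secret name for the default profile next to the pattern, so a reader can check the secret in Secrets Manager against it. The new line also writes "Cloudformation" while the heading and the following paragraph use "CloudFormation".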
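Review bot: In the README.md hunk of PATCH 2/3, the added sentence gives the account and region requirement but not the `cfn/atlas/profile/{ProfileName}` naming requirement that PATCH 1/3 adds to examples/README.md, so the two documents now describe the same secret with different constraints. Suggest using the same sentence in both places, or linking from one to the other, unless the name is already stated above the visible context. "Cloudformation" should be "CloudFormation" here as well.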
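Review bot: In the cfn-resources/cloud-backup-snapshot-export-bucket/resource-role.yaml hunk of PATCH 3/3, the statement still allows `secretsmanager:CreateSecret` and `secretsmanager:PutSecretValue` next to the read actions, and the `Resource` for that statement falls outside the visible context. Since the policy is being edited anyway, please confirm the resource is scoped to the secrets this handler manages rather than `"*"`. The subject "chore: fix lint errors" also gives no hint that an entry was dropped from an IAM execution role; naming the removed action `secretsmanager:CreateSecretInput` in the message would make the change easier to audit later.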
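Review bot: In the cfn-resources/custom-db-role/resource-role.yaml hunk of PATCH 3/3, once the five `initech:*` actions are removed the statement is `secretsmanager:GetSecretValue` on `Resource: "*"`, which lets the execution role read every secret in the account. PATCH 1/3 documents that the profile secret is named `cfn/atlas/profile/{ProfileName}`, so the resource can be narrowed to secret ARNs under the `cfn/atlas/profile/` prefix in the stack's own account and region. If that belongs in a follow-up, a comment in the template recording why `"*"` remains would help.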
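Review bot: In the cfn-resources/global-cluster-config/resource-role.yaml hunk of PATCH 3/3, the `index c3d55cc70..206e0482b` line is the same as for cloud-backup-snapshot-export-bucket, meaning the two role files are identical both before and after this change. That points to a copied template, so the same `- "secretsmanager:CreateSecretInput"` entry may be present in other resource-role.yaml files this patch does not touch; worth a repository-wide search before merging. It is also worth checking whether this resource needs `secretsmanager:CreateSecret` and `secretsmanager:PutSecretValue` at all, or only inherited them from the copy.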