secret_target_attachments
Creates, updates, deletes or gets a secret_target_attachment resource or lists secret_target_attachments in a region
Overview
| Name | secret_target_attachments |
| Type | Resource |
| Description | Resource Type definition for AWS::SecretsManager::SecretTargetAttachment |
| Id | aws.secretsmanager.secret_target_attachments |
Fields
| Name | Datatype | Description |
|---|---|---|
id | string | |
secret_id | string | |
target_type | string | |
target_id | string | |
region | string | AWS region. |
For more information, see AWS::SecretsManager::SecretTargetAttachment.
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | TargetType, TargetId, SecretId, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all secret_target_attachments in a region.
SELECT
region,
id,
secret_id,
target_type,
target_id
FROM aws.secretsmanager.secret_target_attachments
WHERE region = 'us-east-1';
Gets all properties from an individual secret_target_attachment.
SELECT
region,
id,
secret_id,
target_type,
target_id
FROM aws.secretsmanager.secret_target_attachments
WHERE region = 'us-east-1' AND data__Identifier = '<Id>';
INSERT example
Use the following StackQL query and manifest file to create a new secret_target_attachment resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.secretsmanager.secret_target_attachments (
SecretId,
TargetType,
TargetId,
region
)
SELECT
'{{ SecretId }}',
'{{ TargetType }}',
'{{ TargetId }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.secretsmanager.secret_target_attachments (
SecretId,
TargetType,
TargetId,
region
)
SELECT
'{{ SecretId }}',
'{{ TargetType }}',
'{{ TargetId }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: secret_target_attachment
props:
- name: SecretId
value: '{{ SecretId }}'
- name: TargetType
value: '{{ TargetType }}'
- name: TargetId
value: '{{ TargetId }}'
DELETE example
/*+ delete */
DELETE FROM aws.secretsmanager.secret_target_attachments
WHERE data__Identifier = '<Id>'
AND region = 'us-east-1';
Permissions
To operate on the secret_target_attachments resource, the following permissions are required:
Read
secretsmanager:GetSecretValue
List
secretsmanager:GetSecretValue,
secretsmanager:ListSecrets
Create
secretsmanager:GetSecretValue,
secretsmanager:PutSecretValue,
rds:DescribeDBInstances,
redshift:DescribeClusters,
rds:DescribeDBClusters,
docdb-elastic:GetCluster,
redshift-serverless:ListWorkgroups,
redshift-serverless:GetNamespace
Delete
secretsmanager:GetSecretValue,
secretsmanager:PutSecretValue
Update
secretsmanager:GetSecretValue,
secretsmanager:PutSecretValue,
rds:DescribeDBInstances,
redshift:DescribeClusters,
rds:DescribeDBClusters,
docdb-elastic:GetCluster,
redshift-serverless:ListWorkgroups,
redshift-serverless:GetNamespace