AWS::KinesisFirehose::DeliveryStream SecretsManagerConfiguration

The structure that defines how Firehose accesses the secret.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Enabled" : Boolean,
  "RoleARN" : String,
  "SecretARN" : String
}

YAML


  Enabled: Boolean
  RoleARN: String
  SecretARN: String

Properties

Enabled

Specifies whether you want to use the secrets manager feature. When set as True the secrets manager configuration overwrites the existing secrets in the destination configuration. When it's set to False Firehose falls back to the credentials in the destination configuration.

Required: Yes

Type: Boolean

Update requires: No interruption

RoleARN

Specifies the role that Firehose assumes when calling the Secrets Manager API operation. When you provide the role, it overrides any destination specific role defined in the destination configuration. If you do not provide the then we use the destination specific role. This parameter is required for Splunk.

Required: No

Type: String

Pattern: arn:.*:iam::\d{12}:role/[a-zA-Z_0-9+=,.@\-_/]+

Minimum: 1

Maximum: 512

Update requires: No interruption

SecretARN

The ARN of the secret that stores your credentials. It must be in the same region as the Firehose stream and the role. The secret ARN can reside in a different account than the Firehose stream and role as Firehose supports cross-account secret access. This parameter is required when Enabled is set to True.

Required: No

Type: String

Pattern: arn:.*:secretsmanager:[a-zA-Z0-9\-]+:\d{12}:secret:[a-zA-Z0-9\-/_+=.@]+

Minimum: 1

Maximum: 2048

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

SchemaConfiguration

Serializer