nr-license-key-secret.yaml
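# CloudFormation template: stores the New Relic license key in AWS Secrets
# Manager and publishes a managed policy that allows reading it.
# The version is quoted so generic YAML parsers keep it a string, not a date.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  LicenseKey:
    Type: String
    Description: The New Relic account license key
    # Accepts an optional "eu-" prefix, lowercase hex digits and an optional
    # four-letter uppercase suffix. The value is substituted verbatim into the
    # JSON SecretString of LicenseKeySecret, so this pattern is also the only
    # thing keeping quotes and backslashes out of that document; do not
    # loosen it without adding escaping there.
    AllowedPattern: '(?:eu-)?[0-9a-f]+(?:[A-Z]{4})?'
    # Removed because of issue mentioned here:
    # https://github.com/hashicorp/terraform-provider-aws/issues/55
    # TODO: resolve it after issue is solved
    # NOTE(review): while NoEcho stays off, CloudFormation does not mask this
    # parameter. The license key is shown in plaintext in the console and in
    # stack-description API responses, so anyone who may describe the stack
    # can read it without going through Secrets Manager. Until NoEcho is
    # restored, restrict who can describe this stack and treat deployment
    # logs and any tool state that records stack parameters as sensitive.
    # NoEcho: true
  SecretName:
    Type: String
    Description: The friendly name for the license key secret
    Default: NEW_RELIC_LICENSE_KEY
  PolicyName:
    Type: String
    Description: Policy name of the policy to use to allow access to the license key secret.
    Default: NewRelic-ViewLicenseKey
  LicenseKeySecretExportName:
    Type: String
    Description: Suffix of the export name under which the secret ARN is published
    Default: NewRelic-LicenseKeySecretARN
  ViewPolicyExportName:
    Type: String
    Description: Suffix of the export name under which the view policy ARN is published
    Default: NewRelic-ViewLicenseKeyPolicyARN
  # Required (no default). Only used as a suffix of the managed policy name.
  Region:
    Type: String
    Description: Region suffix appended to the managed policy name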
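Resources:
  # Secrets Manager entry holding the license key as a one-field JSON document.
  LicenseKeySecret:
    Type: 'AWS::SecretsManager::Secret'
    Properties:
      Description: The New Relic license key, for sending telemetry
      Name: !Ref SecretName
      # No KmsKeyId is set, so the secret is encrypted with the account's
      # default Secrets Manager key rather than a customer-managed one; add
      # KmsKeyId if key-level access control is required.
      # The JSON is built by plain substitution with no escaping. It stays
      # well-formed only because the LicenseKey parameter's AllowedPattern
      # restricts the value to hex digits, "eu-" and uppercase letters.
      # NOTE(review): LicenseKey is declared without NoEcho in this template,
      # so the same value is also readable from the stack's parameters. The
      # policy below is therefore not the only path to the key.
      SecretString: !Sub '{ "LicenseKey": "${LicenseKey}" }'
  # Least-privilege read policy: one action, scoped to the secret above.
  ViewNewRelicLicenseKeyPolicy:
    Type: 'AWS::IAM::ManagedPolicy'
    Properties:
      # Region-suffixed so the same stack can be deployed once per region
      # without colliding on the account-wide policy name.
      ManagedPolicyName: !Sub '${PolicyName}-${Region}'
      PolicyDocument:
        # Quoted so the policy language version is not parsed as a YAML date.
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Action:
              - 'secretsmanager:GetSecretValue'
            # Ref on a Secrets Manager secret yields its ARN, so the grant
            # covers this secret only, not every secret in the account.
            Resource: !Ref LicenseKeySecret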
Outputs:
  # Both exports publish ARNs only; the secret value itself is never output.
  # Export names are prefixed with the stack name so several stacks can
  # coexist in one account and region.
  LicenseKeySecretARN:
    Description: The ARN of the LicenseKey Secret
    Value: !Ref LicenseKeySecret
    Export:
      Name: !Sub '${AWS::StackName}-${LicenseKeySecretExportName}'
  ViewPolicyARN:
    Description: The ARN of the LicenseKey Secret's view policy
    Value: !Ref ViewNewRelicLicenseKeyPolicy
    Export:
      Name: !Sub '${AWS::StackName}-${ViewPolicyExportName}'