From 6b1b628ea707d3c9af935e594788763777f745e5 Mon Sep 17 00:00:00 2001
From: Chris Pates <crpates@amazon.co.uk>
Date: Mon, 5 Feb 2024 11:32:49 +0000
Subject: [PATCH] Update secrets.yaml
---
cicd/cloudformation/secrets.yaml | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/cicd/cloudformation/secrets.yaml b/cicd/cloudformation/secrets.yaml
index b03c9004..c62e5f4b 100644
--- a/cicd/cloudformation/secrets.yaml
+++ b/cicd/cloudformation/secrets.yaml
@@ -203,6 +203,8 @@ Resources: KeyForSecrets: Type: AWS::KMS::Key + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Description: Key for protecting SSOSync Secrets in cross-account deployment Enabled: true
@@ -248,6 +250,8 @@ Resources: SecretGoogleCredentials: Type: "AWS::SecretsManager::Secret" Condition: CreateGoogle + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestGoogleCredentials SecretString: !Ref GoogleCredentials
@@ -283,6 +287,8 @@ Resources: SecretGoogleAdminEmail: Type: "AWS::SecretsManager::Secret" Condition: CreateGoogle + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestGoogleAdminEmail SecretString: !Ref GoogleAdminEmail
@@ -318,6 +324,8 @@ Resources: SecretWIFServiceAccountEmail: Type: "AWS::SecretsManager::Secret" Condition: CreateWIF + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestWIFServiceAccountEmail SecretString: !Ref WIFServiceAccountEmail
@@ -353,6 +361,8 @@ Resources: SecretWIFClientLibraryConfig: Type: "AWS::SecretsManager::Secret" Condition: CreateWIF + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestWIFClientLibraryConfigSecret SecretString: !Ref WIFClientLibraryConfig
@@ -387,6 +397,8 @@ Resources: SecretSCIMEndpoint: # This can be moved to custom provider Type: "AWS::SecretsManager::Secret" + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestSCIMEndpointUrl SecretString: !Ref SCIMEndpointUrl
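Review bot: On `KeyForSecrets` the two policies pull in opposite directions: `DeletionPolicy: Retain` keeps the key when the stack is deleted, but `UpdateReplacePolicy: Delete` lets CloudFormation schedule the old key for deletion whenever an update forces replacement. Any ciphertext still bound to the old key at that point (for example older secret versions, or secrets retained from a previous deployment) would become undecryptable once the deletion completes. If the aim is to avoid losing key material, use `UpdateReplacePolicy: Retain` on the key as well. Add a comment such as `# Retained on delete/replace: schedule key deletion manually once no secret references it`, so the orphaned key has an owner. The resource's properties continue outside the hunk, so which property changes would trigger replacement here is not visible.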
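Review bot: `DeletionPolicy: Retain` on `SecretGoogleCredentials` leaves a live credential in the account after the stack is deleted, with no stack owning it any more. The same applies to the other secrets patched in the later hunks (`SecretGoogleAdminEmail`, `SecretWIFServiceAccountEmail`, `SecretWIFClientLibraryConfig`, `SecretSCIMEndpoint`, `SecretSCIMAccessToken`, `SecretRegion`, `SecretIdentityStoreID`). Each has a fixed `Name:`, so a later deployment of this template is likely to fail on a name collision until the retained secret is removed or imported. The `Test…` names suggest a CI stack that is created and torn down repeatedly, where that becomes a recurring failure and leaves tokens behind. Consider limiting `Retain` to the resources that really must outlive the stack. Document the cleanup on each remaining one, e.g. `# Retained on stack delete: delete or import this secret before redeploying`.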
@@ -420,6 +432,8 @@ Resources: SecretSCIMAccessToken: # This can be moved to custom provider Type: "AWS::SecretsManager::Secret" + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestSCIMAccessToken SecretString: !Ref SCIMEndpointAccessToken
@@ -453,6 +467,8 @@ Resources: SecretRegion: Type: "AWS::SecretsManager::Secret" + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestRegion SecretString: !Select [1, !Split [".", !Ref SCIMEndpointUrl]]
@@ -486,6 +502,8 @@ Resources: SecretIdentityStoreID: Type: "AWS::SecretsManager::Secret" + DeletionPolicy: Retain + UpdateReplacePolicy: Delete Properties: Name: TestIdentityStoreId SecretString: !Ref IdentityStoreId