本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
秘密管理
Research and Engineering Studio 會使用 維護下列秘密 AWS Secrets Manager。RES 會在環境建立期間自動建立秘密。管理員在環境建立期間輸入的秘密會輸入為參數。
| 秘密名稱 | 描述 | 產生的 RES | 管理員已輸入 |
|---|---|---|---|
| <envname>-sso-client-secret | 環境的單一登入 OAuth2 用戶端秘密 | ✓ | |
| <envname>-vdc-client-secret | vdc ClientSecret | ✓ | |
| <envname>-vdc-client-id | vdc ClientId | ✓ | |
| <envname>-vdc-gateway-certificate-private-key | 網域的自我簽署憑證私有金鑰 | ✓ | |
| <envname>-vdc-gateway-certificate-certificate | 網域的自我簽署憑證 | ✓ | |
| <envname>-cluster-manager-client-secret | cluster-manager ClientSecret | ✓ | |
| <envname>-cluster-manager-client-id | cluster-manager ClientId | ✓ | |
| <envname>-external-private-key | 網域的自我簽署憑證私有金鑰 | ✓ | |
| <envname>-external-certificate | 網域的自我簽署憑證 | ✓ | |
| <envname>-internal-private-key | 網域的自我簽署憑證私有金鑰 | ✓ | |
| <envname>-internal-certificate | 網域的自我簽署憑證 | ✓ | |
| <envname>-directoryservice-ServiceAccountUsername | ✓ | ||
| <envname>-directoryservice-ServiceAccountPassword | ✓ |
下列秘密 ARN 值包含在 DynamoDB 的 <envname>-cluster-settings 資料表中:
| 金錀 | 來源 |
|---|---|
| identity-provider.cognito.sso_client_secret | |
| vdc.dcv_connection_gateway.certificate.certificate_secret_arn | 堆疊 |
| vdc.dcv_connection_gateway.certificate.private_key_secret_arn | 堆疊 |
| cluster.load_balancers.internal_alb.certificates.private_key_secret_arn | 堆疊 |
| directoryservice.root_username_secret_arn | |
| vdc.client_secret | 堆疊 |
| cluster.load_balancers.external_alb.certificates.certificate_secret_arn | 堆疊 |
| cluster.load_balancers.internal_alb.certificates.certificate_secret_arn | 堆疊 |
| directoryservice.root_password_secret_arn | |
| cluster.secretsmanager.kms_key_id | |
| cluster.load_balancers.external_alb.certificates.private_key_secret_arn | 堆疊 |
| cluster-manager.client_secret |
