I get this error message:

$ cfn_nag database/gitlab-rds-psql.cf.yml
{
  "failure_count": 3,
  "violations": [
    {
      "id": "F23",
      "type": "FAIL",
      "message": "RDS instance master user password must be Ref to NoEcho Parameter. Default credentials are not recommended",
      "logical_resource_ids": [
        "GitLabDB"
      ]
    },
    {
      "id": "F24",
      "type": "FAIL",
      "message": "RDS instance master username must be Ref to NoEcho Parameter. Default credentials are not recommended",
      "logical_resource_ids": [
        "GitLabDB"
      ]
    },
    {
      "id": "F22",
      "type": "FAIL",
      "message": "RDS instance should not be publicly accessible",
      "logical_resource_ids": [
        "GitLabDB"
      ]
    }
  ]
}

But I tried to set NoEcho: true in the template:

GitLabDB:
  Type: AWS::RDS::DBInstance
  Properties:
    DBInstanceIdentifier: gitlab
    AllocatedStorage: !Ref 'DBAllocatedStorage'
    StorageType: gp2
    DBInstanceClass: !Ref 'DBClass'
    Engine: postgres
    EngineVersion: 9.6.3
    AutoMinorVersionUpgrade: true
    BackupRetentionPeriod: 20
    StorageEncrypted: !Ref EncryptData
    DBName: gitlabhq_production
    MasterUsername: gitlab
    MasterUserPassword:
      - !GetAtt DBPassword.RandomString
      - NoEcho: true
    DBSubnetGroupName: !Ref GitLabDBSubnetGroup
    DBParameterGroupName: default.postgres9.6
    MultiAZ: !Ref MultiAZ
    VPCSecurityGroups:
      - !Ref GitLabDBEC2SecurityGroup
    Tags:
      - Key: AlwaysOn
        Value: true
      - Key: Name
        Value: GitLabDB
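
An added example, not part of the original post: `NoEcho` is an attribute of a template parameter, not of a resource property, so F23 and F24 ask for `MasterUsername` and `MasterUserPassword` to be a `Ref` to parameters declared with `NoEcho: true` and no `Default`. The parameter names `DBMasterUsername` and `DBMasterUserPassword` are hypothetical, the parameter replaces the `DBPassword.RandomString` lookup, and setting `PubliclyAccessible: false` explicitly for F22 is an assumption based on the finding being reported while the property is absent.

```yaml
# Added example, not the asker's template. DBMasterUsername and
# DBMasterUserPassword are hypothetical parameter names; every other
# reference (DBAllocatedStorage, DBClass, ...) is defined elsewhere in
# the asker's template and is not shown on the page.
Parameters:
  DBMasterUsername:
    Type: String
    NoEcho: true            # F24: no Default, supplied at stack creation
    Description: Master username for the GitLab RDS instance
  DBMasterUserPassword:
    Type: String
    NoEcho: true            # F23: no Default, supplied at stack creation
    MinLength: 8            # RDS PostgreSQL passwords need at least 8 characters
    Description: Master password for the GitLab RDS instance

Resources:
  GitLabDB:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceIdentifier: gitlab
      AllocatedStorage: !Ref DBAllocatedStorage
      StorageType: gp2
      DBInstanceClass: !Ref DBClass
      Engine: postgres
      EngineVersion: 9.6.3
      AutoMinorVersionUpgrade: true
      BackupRetentionPeriod: 20
      StorageEncrypted: !Ref EncryptData
      DBName: gitlabhq_production
      MasterUsername: !Ref DBMasterUsername          # Ref to a NoEcho parameter
      MasterUserPassword: !Ref DBMasterUserPassword  # a string, not a list
      PubliclyAccessible: false                      # explicit, for F22 (assumption)
      DBSubnetGroupName: !Ref GitLabDBSubnetGroup
      DBParameterGroupName: default.postgres9.6
      MultiAZ: !Ref MultiAZ
      VPCSecurityGroups:
        - !Ref GitLabDBEC2SecurityGroup
      Tags:
        - Key: AlwaysOn
          Value: 'true'
        - Key: Name
          Value: GitLabDB
```

`NoEcho` only masks the parameter value in the console and in API output such as stack descriptions; whoever creates or updates the stack still has to supply the username and password.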