Fix AWS region-id in the secrets generation
The utility script add_secrets_aws_secrets_manager.sh needs to
receive and use the AWS region to use.
Using the default region may not be correct as it may differ from the
one used for the deployment.
Change-Id: I2671492cb34ce567a8e161a1f0ef082c3c5d16de
diff --git a/dual-master/README.md b/dual-master/README.md
index 5e2dbcd..ff91fd1 100644
--- a/dual-master/README.md
+++ b/dual-master/README.md
@@ -129,7 +129,7 @@
You can now run the [script](../gerrit/add_secrets_aws_secrets_manager.sh) to
upload them to AWS Secret Manager:
-`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix`
+`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix aws-region-id`
When `secret_prefix` is omitted, it is set to `gerrit_secret` by default.
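Review bot: the new `aws-region-id` argument in the usage line has no documented default, while the sentence after it still only covers `secret_prefix`. The script in this change falls back to `us-east-1` when the third argument is missing, so add a matching sentence here stating that default, or state that the argument is required if the script is changed to enforce it.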
diff --git a/gerrit/add_secrets_aws_secrets_manager.sh b/gerrit/add_secrets_aws_secrets_manager.sh
index c76b9de..3026cf3 100755
--- a/gerrit/add_secrets_aws_secrets_manager.sh
+++ b/gerrit/add_secrets_aws_secrets_manager.sh
@@ -11,17 +11,21 @@
export AWS_PAGER=;
KEY_PREFIX=${2:-gerrit_secret}
+AWS_REGION=${3:-"us-east-1"}
+
function set-secret-string {
SECRET_ID=$1
- if aws secretsmanager describe-secret --secret-id ${KEY_PREFIX}_${SECRET_ID} > /dev/null 2>&1
+ if aws secretsmanager describe-secret --region ${AWS_REGION} --secret-id ${KEY_PREFIX}_${SECRET_ID} > /dev/null 2>&1
then
echo "Updating secret ${KEY_PREFIX}_${SECRET_ID} ..."
- aws secretsmanager put-secret-value --secret-id ${KEY_PREFIX}_${SECRET_ID} \
+ aws secretsmanager put-secret-value --region ${AWS_REGION} \
+ --secret-id ${KEY_PREFIX}_${SECRET_ID} \
--secret-string file://$SECRETS_DIRECTORY/${SECRET_ID}
else
echo "Creating secret ${KEY_PREFIX}_${SECRET_ID} ..."
- aws secretsmanager create-secret --name ${KEY_PREFIX}_${SECRET_ID} \
+ aws secretsmanager create-secret --region ${AWS_REGION} \
+ --name ${KEY_PREFIX}_${SECRET_ID} \
--description "Gerrit ${SECRET_ID}" \
--secret-string file://$SECRETS_DIRECTORY/${SECRET_ID}
fi
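Review bot: `AWS_REGION=${3:-"us-east-1"}` at the top of this hunk hard-codes a fallback region, so a caller who omits the third argument uploads the secrets to us-east-1 wherever the deployment lives, which is the mismatch the commit message sets out to fix. Consider making the argument mandatory, for example `AWS_REGION=${3:?AWS region is required}`, so secrets are never written to a region the operator did not choose. The `${AWS_REGION}` expansions in the three `aws secretsmanager` calls are also unquoted; `--region "${AWS_REGION}"` avoids word splitting on a malformed argument.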
diff --git a/master-slave/README.md b/master-slave/README.md
index e12ea3a..b2e2e6d 100644
--- a/master-slave/README.md
+++ b/master-slave/README.md
@@ -142,7 +142,7 @@
You can now run the [script](../gerrit/add_secrets_aws_secrets_manager.sh) to
upload them to AWS Secret Manager:
-`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix`
+`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix aws-region-id`
When `secret_prefix` is omitted, it is set to `gerrit_secret` by default.
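Review bot: because `aws-region-id` is the third positional argument in the new usage line, the region can only be passed when `secret_prefix` is given as well, yet the following line still describes omitting `secret_prefix`. State that the prefix must be supplied explicitly (for example `gerrit_secret`) whenever a region is specified.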
diff --git a/single-master/README.md b/single-master/README.md
index cc04708..407881a 100644
--- a/single-master/README.md
+++ b/single-master/README.md
@@ -128,7 +128,7 @@
You can now run the [script](../gerrit/add_secrets_aws_secrets_manager.sh) to
upload them to AWS Secret Manager:
-`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix`
+`add_secrets_aws_secrets_manager.sh /path/to/your/keys/directory secret_prefix aws-region-id`
When `secret_prefix` is omitted, it is set to `gerrit_secret` by default.
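Review bot: the usage line names `aws-region-id` but does not say which region to pass. Per the commit message the value is meant to be the region used for the deployment, and Secrets Manager secrets are regional, so say here that the argument must be the deployment's region.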