Unexpected behavior from AWS CLI SecretsManager -- force delete without recovery



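I'm trying to delete a secret in AWS Secrets Manager. I can use --secret-id or the ARN, but either way the secret still exists in the console and in later CLI calls to --force-delete. The ARN and DeletionDate change, and in the console it shows as "Deleted" on that date, but the option to cancel the deletion is still there. What's going on?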

>>> aws secretsmanager delete-secret --secret-id 202112030312-dev-rds-pw --force-delete-without-recovery --region us-west-2 --profile=development
{
"ARN": "arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-Cf10KE",
"Name": "202112030312-dev-rds-pw",
"DeletionDate": "2021-12-02T20:15:28.129000-07:00"
}
>>> aws secretsmanager delete-secret --secret-id 202112030312-dev-rds-pw --force-delete-without-recovery --region us-west-2 --profile=development
{
"ARN": "arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-srMuPx",
"Name": "202112030312-dev-rds-pw",
"DeletionDate": "2021-12-02T20:15:40.226000-07:00"
}
>>> # NOTE THE SUFFIX ON THE ARN...
>>> aws secretsmanager delete-secret --secret-id arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-srMuPx --force-delete-without-recovery --region us-west-2 --profile=development
{
"ARN": "arn:aws:secretsmanager:us-west-2:99999999999:secret:202112030312-dev-rds-pw-oz8kB2",
"Name": "202112030312-dev-rds-pw",
"DeletionDate": "2021-12-02T20:17:36.631000-07:00"
}

If you include --force-delete-without-recovery, delete-secret does not check whether the secret exists. It still "works" as if the secret existed. From the documentation:

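If you use this parameter and include a previously deleted or nonexistent secret, the operation does not return the error ResourceNotFoundException in order to correctly handle retries.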
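
Because the success output of a forced delete says nothing about whether the secret existed, the check has to come from a separate lookup. The following is an added example, not part of the original question or answer: it classifies a secret with `describe-secret` before deleting it. The function names `secret_state` and `force_delete_checked` are hypothetical, and the script assumes the AWS CLI is installed and configured.

```shell
#!/usr/bin/env bash
# Added example: do not trust the JSON returned by
# `delete-secret --force-delete-without-recovery`; look the secret up first.

# Prints one of: absent | pending-deletion | active | error
# Extra arguments (e.g. --region, --profile) are passed through to the AWS CLI.
secret_state() {
  local id="$1"; shift
  local out
  if out=$(aws secretsmanager describe-secret --secret-id "$id" \
             --query 'DeletedDate' --output text "$@" 2>&1); then
    # DeletedDate is only set once the secret has been scheduled for deletion;
    # with --output text a missing value is printed as "None".
    if [ "$out" = "None" ] || [ -z "$out" ]; then
      echo active
    else
      echo pending-deletion
    fi
  elif printf '%s' "$out" | grep -q 'ResourceNotFoundException'; then
    echo absent
  else
    # Any other failure (permissions, network) is not proof of absence.
    echo error
    return 1
  fi
}

# Force-delete only when the lookup shows the secret exists, and report
# what state it was in. Prints a one-word result.
force_delete_checked() {
  local id="$1"; shift
  local before
  before=$(secret_state "$id" "$@") || { echo lookup-failed; return 1; }
  if [ "$before" = "absent" ]; then
    echo nothing-to-delete
    return 0
  fi
  aws secretsmanager delete-secret --secret-id "$id" \
      --force-delete-without-recovery "$@" >/dev/null \
      || { echo delete-failed; return 1; }
  echo "deleted-was-$before"
}

# Usage with the values from the question:
#   force_delete_checked 202112030312-dev-rds-pw --region us-west-2 --profile development
```

Running `secret_state` again afterwards and getting `absent` is the confirmation that the secret is gone.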
