AWS CloudFormation does not currently resolve {{resolve}} dynamic references for custom resources. Until that feature is released, and for use cases where private resource types are not an option, this small library parses the reference and returns the secret, so that you can write your CFN templates with {{resolve}} today.
Sadly, this means the Lambda function using this library still needs direct IAM access to the secret itself, and currently cannot use the role that CloudFormation uses on create/update.
from aws_cfn_custom_resource_resolve_parser import handle
secret_string = r"{{resolve:secretsmanager:mysecret:SecretString:password}}"
secret_value = handle(secret_string)
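To show what such a reference string contains, here is an added example (not this library's code) that splits a `secretsmanager` reference into its fields and resolves it through an injected fetch function. The names `parse_reference`, `resolve` and `fetch` are assumptions for illustration; the field order follows the AWS dynamic reference layout, and `fetch` is expected to behave like boto3's `get_secret_value`.

```python
import json
import re

# Layout of a Secrets Manager dynamic reference:
# {{resolve:secretsmanager:secret-id:SecretString:json-key:version-stage:version-id}}
_REF = re.compile(r"^\{\{resolve:secretsmanager:(?P<body>.+)\}\}$")
_ARN = re.compile(r"^(arn:[^:]+:secretsmanager:[^:]*:[^:]*:secret:[^:]+)(?::(.*))?$")


def parse_reference(ref):
    """Split a secretsmanager dynamic reference into its named parts."""
    match = _REF.match(ref.strip())
    if not match:
        raise ValueError("not a secretsmanager dynamic reference")
    body = match.group("body")
    arn = _ARN.match(body)
    if arn:  # an ARN contains colons itself, so peel it off first
        secret_id, rest = arn.group(1), arn.group(2) or ""
    else:
        secret_id, _, rest = body.partition(":")
    fields = rest.split(":") if rest else []
    if len(fields) > 4:
        raise ValueError("too many fields in reference")
    fields += [""] * (4 - len(fields))
    secret_string, json_key, stage, version_id = fields
    if secret_string not in ("", "SecretString"):
        raise ValueError("only SecretString is supported")
    if stage and version_id:
        raise ValueError("give version-stage or version-id, not both")
    return {"secret_id": secret_id, "json_key": json_key,
            "version_stage": stage, "version_id": version_id}


def resolve(ref, fetch):
    """Resolve ref using fetch(**kwargs), shaped like boto3 get_secret_value."""
    parts = parse_reference(ref)
    kwargs = {"SecretId": parts["secret_id"]}
    if parts["version_stage"]:
        kwargs["VersionStage"] = parts["version_stage"]
    if parts["version_id"]:
        kwargs["VersionId"] = parts["version_id"]
    secret = fetch(**kwargs)["SecretString"]  # never log this value
    if not parts["json_key"]:
        return secret  # no json-key: the whole secret string is returned
    return json.loads(secret)[parts["json_key"]]
```

In a Lambda handler, `fetch` would be `boto3.client("secretsmanager").get_secret_value`, which is why the function's own role needs read access to the secret.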
- Documentation: https://aws-cfn-custom-resource-resolve-parser.readthedocs.io.
This package was created with Cookiecutter and the audreyr/cookiecutter-pypackage project template.