How to get values from Data Sources with local variables with Python & CDKTF


I am trying to access values from data sources, so I can use them in creating more resources.
Specifically, I want to access secrets from AWS secrets manager and use that in my db_instance.
As example

data "aws_secretsmanager_secret_version" "creds" {
  secret_id = "db-creds"

locals {
  db_creds = jsondecode(

And then use the variables like local.db_creds.username.

I am trying to do the same with Python and CDKTF, but I am struggling. Specifically, I can get the values, and output to command prompts by passing the TerraformLocal variable to TerraformOutput variable, but I can not use it as dictionary into my resources.

 secret_values = DataAwsSecretsmanagerSecretVersion(
            self, "db-secret-values", secret_id="db_secrets"
secrets = TerraformLocal(self, "secrets", Fn.jsondecode(secret_values.secret_string))

But when I try secrets.user it fails, and I cant find any relevant function to transform the TerraformLocal to dict or something. Is any other way to get values from Data Sources?

Any ideas??
Thank you

Since the TerraformLocal isn’t available during compile time, it doesn’t know the contents of the local variable. Thus referencing the user property in the decoded json will not work.

I’m not sure about your use case, but you can continue to use Fn.* (Fn.element, or Fn.lookup or a combination of these) functions as you would in terraform to refer to the exact field.

Hello there, I tried to get specific value with Fn.lookup but again no luck with @jsii/kernel.RuntimeError: Error: Resolution error: Trying to resolve() a Construct at /resource/&&&&&&&
I also tried to get the data source as Output, I see the values printed properly, so the data are there. I cannot use them though in creating resources.
For example

my_output = TerraformOutput(

self.rds_cluster = RdsCluster(
            master_username=Token.as_string(Fn.lookup(my_output , "db_user", "password")),

Is there an example of using values from data sources? Because I am searching with no luck.

If you start with your secrets local that you had in your 1st snippet, then a username would be:

master_username=Token.as_string(Fn.lookup(secrets.expression, "username", "default_user"))
1 Like

Thank you! Yes I managed to do it with Fn.lookup and the key of the secret :slight_smile: