secrets-manager.tf
# Secrets Manager secret that holds the database connection details.
# It is created only when var.secret_method is "secretsmanager"; otherwise count is 0.
resource "aws_secretsmanager_secret" "rds" {
  count = var.secret_method == "secretsmanager" ? 1 : 0

  # "/rds/<identifier>" when an identifier is given, else "/rds/<environment_name>-<name>".
  name = var.identifier != "" ? "/rds/${var.identifier}" : "/rds/${var.environment_name}-${var.name}"

  # 0 forces deletion without a recovery window, so a destroy (or a replacement
  # caused by a name change) removes the stored credentials permanently.
  # The name can be reused at once, but a mistaken or unauthorised delete cannot be undone.
  # NOTE(review): confirm this trade-off is intended outside short-lived environments.
  # NOTE(review): no kms_key_id is set, so the account's default Secrets Manager key
  # encrypts the secret. Confirm that meets the key-policy requirements for this data.
  recovery_window_in_days = 0
}
locals {
  # Connection details serialised into the secret. Every key except reader_endpoint
  # reads from the RDS instance when var.db_type is "rds" and from the Aurora cluster
  # for any other value.
  secrets = {
    # For "rds" this is the instance address; for Aurora it is the cluster endpoint.
    host = var.db_type == "rds" ? aws_db_instance.rds_db[0].address : aws_rds_cluster.aurora_cluster[0].endpoint

    # For Aurora this is the same value as host.
    endpoint = var.db_type == "rds" ? aws_db_instance.rds_db[0].endpoint : aws_rds_cluster.aurora_cluster[0].endpoint

    username = var.db_type == "rds" ? aws_db_instance.rds_db[0].username : aws_rds_cluster.aurora_cluster[0].master_username

    # NOTE(review): random_string.rds_db_password is declared outside this file view.
    # The random provider does not mark random_string results as sensitive, so the value
    # can appear in plan/apply output. random_password is the sensitive equivalent.
    # Switching resource types generates a new value, so plan any change with a rotation.
    password = random_string.rds_db_password.result

    port = var.db_type == "rds" ? aws_db_instance.rds_db[0].port : aws_rds_cluster.aurora_cluster[0].port

    # For "rds" this is the database name (db_name), not the instance identifier.
    identifier = var.db_type == "rds" ? aws_db_instance.rds_db[0].db_name : aws_rds_cluster.aurora_cluster[0].cluster_identifier

    engine = var.db_type == "rds" ? aws_db_instance.rds_db[0].engine : aws_rds_cluster.aurora_cluster[0].engine

    # Set only when var.db_type is exactly "aurora"; otherwise the literal string "null"
    # (not a null value) is stored, so consumers must compare against that string.
    reader_endpoint = var.db_type == "aurora" ? aws_rds_cluster.aurora_cluster[0].reader_endpoint : "null"
  }

  # Alias of local.secrets; this is the value that gets JSON-encoded into the secret version.
  rds_secret = local.secrets
}
# Writes the connection details (including the password) as a JSON document into
# the secret above. It is gated on the same var.secret_method condition, so the
# [0] index on the secret is valid whenever this resource exists.
resource "aws_secretsmanager_secret_version" "rds" {
  count = var.secret_method == "secretsmanager" ? 1 : 0

  secret_id = aws_secretsmanager_secret.rds[0].id

  # The encoded value is also persisted in the Terraform state, so the state backend
  # must be encrypted and access-controlled at least as tightly as the secret itself.
  secret_string = jsonencode(local.rds_secret)
}