feat: manage master credentials in secrets manager #218

Closed
6 changes: 5 additions & 1 deletion main.tf
Expand Up @@ -72,8 +72,10 @@ resource "aws_rds_cluster" "primary" {
count = local.enabled && local.is_regional_cluster ? 1 : 0
cluster_identifier = var.cluster_identifier == "" ? module.this.id : var.cluster_identifier
database_name = var.db_name
manage_master_user_password = var.manage_admin_user_password
master_user_secret_kms_key_id = var.admin_user_secret_kms_key_id
master_username = local.ignore_admin_credentials ? null : var.admin_user
master_password = local.ignore_admin_credentials ? null : var.admin_password
master_password = local.ignore_admin_credentials || var.manage_admin_user_password ? null : var.admin_password
backup_retention_period = var.retention_period
preferred_backup_window = var.backup_window
copy_tags_to_snapshot = var.copy_tags_to_snapshot
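Review bot: `manage_master_user_password = var.manage_admin_user_password` on the primary cluster passes the variable straight through, so with the declared default of `false` the attribute is still set while `master_password` carries `var.admin_password`, and the variable's own description says it cannot be set if `master_password` is provided. Either default the variable to `null` so the attribute stays unset, or map a false value to `null` at this assignment. If the default does become `null`, the new condition `local.ignore_admin_credentials || var.manage_admin_user_password` needs a non-null operand, for example `coalesce(var.manage_admin_user_password, false)`.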
Expand Down Expand Up @@ -171,6 +173,8 @@ resource "aws_rds_cluster" "secondary" {
count = local.enabled && !local.is_regional_cluster ? 1 : 0
cluster_identifier = var.cluster_identifier == "" ? module.this.id : var.cluster_identifier
database_name = var.db_name
manage_master_user_password = var.manage_admin_user_password
master_user_secret_kms_key_id = var.admin_user_secret_kms_key_id
master_username = local.ignore_admin_credentials ? null : var.admin_user
master_password = local.ignore_admin_credentials ? null : var.admin_password
backup_retention_period = var.retention_period
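Review bot: The secondary cluster's `master_password` is left as `local.ignore_admin_credentials ? null : var.admin_password`, without the `|| var.manage_admin_user_password` guard that the primary cluster received in this same file. With the managed password enabled, a secondary cluster would still pass `var.admin_password` next to `manage_master_user_password`. Apply the same condition here as on the primary so both resources behave identically.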
12 changes: 12 additions & 0 deletions variables.tf
Expand Up @@ -60,6 +60,18 @@ variable "db_port" {
description = "Database port"
}

variable "manage_admin_user_password" {
type = string
default = false

This is not correct, this should be null

The type should be boolean, instead of string

description = "Set to true to allow RDS to manage the master user password in Secrets Manager. Cannot be set if master_password is provided"
}

variable "admin_user_secret_kms_key_id" {
type = string
default = null
description = "Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN. If not specified, the default KMS key for your Amazon Web Services account is used"
}

variable "admin_user" {
type = string
default = "admin"
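Review bot: In `variable "manage_admin_user_password"`, `type = string` paired with `default = false` relies on implicit conversion between string and bool both here and in the `||` expression in main.tf; declare it as `type = bool` so a caller cannot pass an arbitrary string. The description also refers to `master_password`, which is the provider attribute, while callers of this module set `admin_password`; naming the module variable would make the conflict clearer to users.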