initial commit

xpk
2026-02-13 15:44:24 +08:00
parent 66be8224f4
commit 09ce4c881a
570 changed files with 61807 additions and 0 deletions
@@ -0,0 +1,61 @@
<!-- This readme file is generated with terraform-docs -->
# SecretRotationReminder
Deploy lambda function which takes secret rotation event from secretsmanager
and send reminders to users using SNS.
This function can be used by any number of secrets
Secret ARN is obtained from the secretsmanager event
This function overrides the blueprint function from AWS. Instead of rotating the secret value,
it sends a reminder to user who will manually rotate the secret.
## Requirements
No requirements.
## Providers
| Name | Version |
|------|---------|
| archive | n/a |
| aws | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_iam_policy.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_lambda_function.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_permission.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_security_group.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_sns_topic.reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_subscription.reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
| [archive_file.payload](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| lambda-subnet-ids | List of subnets to place lambda function | `list(string)` | n/a | yes |
| logs-cmk-arn | ARN of cloudwatch logs encryption CMK | `string` | n/a | yes |
| prefix | Resource prefix. e.g. whk1-bea-icc-mbk | `string` | n/a | yes |
| rotation-reminder-recipients | SNS recipients for secret rotation reminders | `list(string)` | n/a | yes |
| sns-cmk-arn | ARN of SNS encryption CMK | `string` | n/a | yes |
## Outputs
| Name | Description |
|------|-------------|
| function-arn | n/a |
---
## Authorship
This module was developed by Rackspace.
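Review bot: The Requirements section reads "No requirements." and both rows of the Providers table show version `n/a`, so the module declares no Terraform or provider version constraints; add a `required_version` and a `required_providers` block covering `aws` and `archive`, then regenerate this file with terraform-docs. In the Outputs table, `function-arn` has description `n/a`; give the output a description that says how it is meant to be consumed, since the intro states the function serves any number of secrets but never says how a secret is attached to it. The Resources table lists `aws_security_group.rotation-reminder` and the inputs require `lambda-subnet-ids`, so the function runs inside a VPC; the README should state what network path to SNS and Secrets Manager those subnets must provide and what the security group allows. The `rotation-reminder-recipients` description does not say what form a recipient takes (the subscription protocol), and the `prefix` example `whk1-bea-icc-mbk` looks environment-specific and would read better as a generic placeholder.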