feat: updated secertsmanager-secret to use emphemeral resource

modules/security_identity_compliance/secretsmanager-secret/main.tf

@@ -1,3 +1,13 @@
+/**
+* # secretsmanager-secret
+*
+* Create secretsmanager secret. Specify secret_version if you do not want
+* terraform to recreate the secret everytime terraform applies. Otherwise,
+* becuase this module uses emphemeral resource, the secret will be regenerated
+* and replaced every time.
+*/
+
+
 data "aws_caller_identity" "this" {}
 
 resource "random_id" "rid" {
@@ -11,11 +21,12 @@ resource "aws_secretsmanager_secret" "secret1" {
 }
 
 resource "aws_secretsmanager_secret_version" "this" {
-  secret_id     = aws_secretsmanager_secret.secret1.id
-  secret_string = var.generate_secret ? data.aws_secretsmanager_random_password.this.random_password : var.secret_value
+  secret_id                = aws_secretsmanager_secret.secret1.id
+  secret_string_wo         = var.generate_secret ? ephemeral.aws_secretsmanager_random_password.this.random_password : var.secret_value
+  secret_string_wo_version = coalesce(var.secret_version, formatdate("YYYYMMDDhhmmss", timestamp()))
 }
 
-data "aws_secretsmanager_random_password" "this" {
+ephemeral "aws_secretsmanager_random_password" "this" {
   password_length            = 22
   exclude_numbers            = false
   exclude_characters         = "o![]\\"