feat: new iam-user module and secretsmanager-2025 module

xpk
2026-04-25 21:42:02 +08:00
parent 5fd8aa807f
commit 2ef2ad1571
12 changed files with 473 additions and 140 deletions
@@ -0,0 +1,63 @@
<!-- This readme file is generated with terraform-docs -->
# secretsmanager-2025
This module creates an entry on secretsmanager. It uses ephemeral resources
such that the generated password is not stored in terraform state.
## Requirements
| Name | Version |
|------|---------|
| terraform | >= 1.10 |
## Providers
| Name | Version |
|------|---------|
| aws | n/a |
## Modules
No modules.
## Resources
| Name | Type |
|------|------|
| [aws_secretsmanager_secret.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret) | resource |
| [aws_secretsmanager_secret_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_policy) | resource |
| [aws_secretsmanager_secret_rotation.rotation](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_rotation) | resource |
| [aws_secretsmanager_secret_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret_version) | resource |
| [aws_caller_identity.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.policy-file](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| auto-rotation-days | Days to rotate secret | `number` | `365` | no |
| description | description of secret | `string` | `null` | no |
| enable-auto-rotation | Enable automatic rotation | `bool` | `false` | no |
| generate\_secret | If set to true, a secure password will be generated and saved. | `bool` | `false` | no |
| kms\_key\_id | Custom kms key id. If not specified, the default key aws/secretmanager key will be used. | `string` | `null` | no |
| name | name of secret | `string` | `null` | no |
| policy | access policy to the secret | `string` | `null` | no |
| recovery\_window\_in\_days | Number of days that AWS Secrets Manager waits before it can delete the secret | `number` | `30` | no |
| rotation-lambda-arn | ARN of lambda function for auto secret rotation | `string` | `null` | no |
| secret | the secret you want to store | `any` | `null` | no |
| secret\_use\_special\_char | Set false to not use special characters | `bool` | `true` | no |
| secret\_version | Secret version, default to 1. For subsequent update, set it to more than 1. | `number` | `1` | no |
| tags | (Optional) A mapping of tags to assign to the AWS Secrets Manager. | `map(string)` | `{}` | no |
## Outputs
| Name | Description |
|------|-------------|
| arn | The id of the secret. |
| id | Secret of Authenticate Token of elasticcache |
| secret\_arn | The ARN of the secret. |
| secret\_id | The id of the secret. |
| secret\_string | The decrypted secret string of the secret. |
---
## Authorship
This module was developed by Rackspace.
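Review bot: The Outputs table lists `secret_string` as "The decrypted secret string of the secret.", which sits badly with the opening claim that the generated password is not stored in terraform state. A regular (non-ephemeral) output cannot carry an ephemeral value, so it would have to be read from somewhere else, such as the secret version resource, whose attributes are kept in state. Please either declare the output ephemeral and say so here, or drop it and have callers fetch the value through `secret_arn`. In the same table, `arn` is described as "The id of the secret." and `id` as "Secret of Authenticate Token of elasticcache", which read like leftovers from another module; since this file is generated by terraform-docs, the fix belongs in the output descriptions, followed by a regenerate. In Inputs, the `kms_key_id` description says "aws/secretmanager" where the AWS managed key alias is aws/secretsmanager, the names mix hyphens (`auto-rotation-days`, `rotation-lambda-arn`) with underscores (`secret_version`), and the `secret` description should state whether a caller-supplied value is kept out of state the same way the generated one is. The Providers table shows aws as n/a; given that the module depends on ephemeral resources, a minimum aws provider version is worth adding next to the terraform >= 1.10 constraint.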