<!-- This readme file is generated with terraform-docs -->
# SecretRotationReminder
Deploys a Lambda function that receives secret rotation events from Secrets Manager
and sends reminders to users through SNS.
This function can be used by any number of secrets.
The secret ARN is obtained from the Secrets Manager event.

This function overrides the blueprint function from AWS. Instead of rotating the secret value,
it sends a reminder to the user, who will manually rotate the secret.
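
The reminder behaviour described above, as an added Python example that is not this module's own function code. The `REMINDER_TOPIC_ARN` environment variable, the choice to remind only on the `createSecret` step, and the message layout are assumptions; `SecretId` and `Step` are the fields Secrets Manager passes to a rotation function.

```python
import json
import os

# Secrets Manager invokes a rotation function once per step for each rotation.
ROTATION_STEPS = ("createSecret", "setSecret", "testSecret", "finishSecret")
REMIND_ON_STEP = "createSecret"  # assumption: one reminder per rotation


def build_reminder(event):
    """Return (subject, message) for a rotation event, or None if none is due."""
    secret_arn, step = event["SecretId"], event["Step"]
    if step not in ROTATION_STEPS:
        raise ValueError(f"unexpected rotation step: {step!r}")
    # arn:aws:secretsmanager:<region>:<account>:secret:<name>-<suffix>
    parts = secret_arn.split(":", 6)
    if len(parts) != 7 or parts[2] != "secretsmanager" or parts[5] != "secret":
        raise ValueError("SecretId is not a Secrets Manager secret ARN")
    if step != REMIND_ON_STEP:
        return None  # skip the other steps so recipients get a single message
    # Only the ARN goes into the message; the secret value is never read.
    subject = f"Secret rotation due: {parts[6]}"[:100]  # SNS subject limit
    message = json.dumps(
        {"secret_arn": secret_arn, "region": parts[3],
         "action": "rotate this secret manually"},
        indent=2,
    )
    return subject, message


def lambda_handler(event, context, publish=None):
    """Entry point; `publish` is injectable so the logic can run offline."""
    reminder = build_reminder(event)
    if reminder is None:
        return {"reminded": False}
    if publish is None:
        import boto3  # available in the AWS Lambda Python runtime
        publish = boto3.client("sns").publish
    subject, message = reminder
    publish(TopicArn=os.environ["REMINDER_TOPIC_ARN"],  # hypothetical variable
            Subject=subject, Message=message)
    return {"reminded": True}
```

Because the handler never calls `GetSecretValue`, its IAM role needs no read access to the secrets it sends reminders for.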

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| archive | n/a |
| aws | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [aws_cloudwatch_log_group.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
| [aws_iam_policy.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
| [aws_iam_role_policy_attachment.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
| [aws_lambda_function.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_permission.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_security_group.rotation-reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource |
| [aws_sns_topic.reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_subscription.reminder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
| [archive_file.payload](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_subnet.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnet) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| lambda-subnet-ids | List of subnets to place lambda function | `list(string)` | n/a | yes |
| logs-cmk-arn | ARN of cloudwatch logs encryption CMK | `string` | n/a | yes |
| prefix | Resource prefix. e.g. whk1-bea-icc-mbk | `string` | n/a | yes |
| rotation-reminder-recipients | SNS recipients for secret rotation reminders | `list(string)` | n/a | yes |
| sns-cmk-arn | ARN of SNS encryption CMK | `string` | n/a | yes |

## Outputs

| Name | Description |
|------|-------------|
| function-arn | n/a |

---
## Authorship
This module was developed by Rackspace.