SecretRotationReminder
Deploys a Lambda function that takes the secret rotation event from Secrets Manager and sends reminders to users through SNS. One function can serve any number of secrets; the secret ARN is obtained from the Secrets Manager event.
This function overrides the blueprint function from AWS. Instead of rotating the secret value, it sends a reminder to the user, who rotates the secret manually.
Requirements
No requirements.
Providers
| Name | Version |
|---|---|
| archive | n/a |
| aws | n/a |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_cloudwatch_log_group.rotation-reminder | resource |
| aws_iam_policy.lambda | resource |
| aws_iam_role.lambda | resource |
| aws_iam_role_policy_attachment.lambda | resource |
| aws_lambda_function.rotation-reminder | resource |
| aws_lambda_permission.rotation-reminder | resource |
| aws_security_group.rotation-reminder | resource |
| aws_sns_topic.reminder | resource |
| aws_sns_topic_subscription.reminder | resource |
| archive_file.payload | data source |
| aws_iam_policy_document.assume_role | data source |
| aws_subnet.this | data source |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| lambda-subnet-ids | List of subnets to place lambda function | list(string) | n/a | yes |
| logs-cmk-arn | ARN of cloudwatch logs encryption CMK | string | n/a | yes |
| prefix | Resource prefix. e.g. whk1-bea-icc-mbk | string | n/a | yes |
| rotation-reminder-recipients | SNS recipients for secret rotation reminders | list(string) | n/a | yes |
| sns-cmk-arn | ARN of SNS encryption CMK | string | n/a | yes |
Outputs
| Name | Description |
|---|---|
| function-arn | n/a |
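The following caller-side configuration is an added example, not code from this module or its authors. It shows how the inputs and the function-arn output listed above can be wired to a secret's rotation schedule, so that each scheduled rotation produces a reminder instead of a changed value. The module source, the variables, the secret name, the recipient address (the page does not state the SNS subscription protocol; email is assumed) and the 90-day interval are assumptions.

```hcl
# Added example: every name marked "hypothetical" or "constructed" is an
# assumption and does not come from the module itself.

variable "private_subnet_ids" { type = list(string) } # hypothetical
variable "logs_cmk_arn" { type = string }             # hypothetical
variable "sns_cmk_arn" { type = string }              # hypothetical

module "rotation_reminder" {
  source = "<path-or-registry-address-of-this-module>" # placeholder

  prefix                       = "whk1-bea-icc-mbk" # example value from the Inputs table
  lambda-subnet-ids            = var.private_subnet_ids
  logs-cmk-arn                 = var.logs_cmk_arn # CMK for the CloudWatch log group
  sns-cmk-arn                  = var.sns_cmk_arn  # CMK for the SNS topic
  rotation-reminder-recipients = ["secops@example.com"] # constructed; email protocol assumed
}

# Hypothetical secret whose value is rotated by hand.
resource "aws_secretsmanager_secret" "db_password" {
  name = "example/db-password"
}

# Point the secret's rotation schedule at the reminder function. Secrets
# Manager invokes the function on schedule; the function sends the reminder
# and leaves the secret value unchanged.
resource "aws_secretsmanager_secret_rotation" "db_password" {
  secret_id           = aws_secretsmanager_secret.db_password.id
  rotation_lambda_arn = module.rotation_reminder.function-arn

  rotation_rules {
    automatically_after_days = 90 # constructed reminder interval
  }
}
```

Further secrets can reuse the same function by adding one `aws_secretsmanager_secret_rotation` resource per secret with the same `rotation_lambda_arn`.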
Authorship
This module was developed by Rackspace.