This module will create all the resources to store and rotate a MySQL or Aurora password using the AWS Secrets Manager service.
Schema
Prerequisites
- A VPC with private subnets and accessibilty to AWS Secrets Manager Endpoint, see below for more details.
- An RDS with MySQL or Aurora already created and reacheable from the private subnets
Usage Example
module "secret-manager-with-rotation" {
source = "giuseppeborgese/secret-manager-with-rotation/aws"
version = "<always choose the latest version displayed in the upper right corner of this page>"
name = "PassRotation"
rotation_days = 10
subnets_lambda = ["subnet-xxxxxx", "subnet-xxxxxx"]
mysql_username = "giuseppe"
mysql_dbname = "my_db_name"
mysql_host = "mysqlEndpointurl.xxxxxx.us-east-1.rds.amazonaws.com"
mysql_password = "dummy_password_will_we_rotated"
}
Video Tutorial
Take a look to the video to see the module in action
The subnets specified needs to be private and with internet access to reach the AWS secrets manager endpoint You can use a NAT GW or configure your Routes with a VPC Endpoint like is described in this guide
Further details
- Interesting to force the rotation
If you like it
Please if you like this module, thumbs up on the youtube video and leave a comment as well for any questions.