Terraform module to configure an AWS Secrets Manager secret with custom lambda rotation.
The module configures both the secret and its rotation scheme, including all necessary roles and permissions. The Lambda function that performs the rotation is provided as an input to the module, allowing for maximum flexibility.
See the test directory for an example implementation.

| Name | Version |
|---|---|
| terraform | >= 0.14 |
| aws | ~> 3.0 |

| Name | Version |
|---|---|
| aws | ~> 3.0 |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| extra_secrets | Optional list of ARNs for extra secrets the lambda should be able to access | list(string) | [] | no |
| lambda_alarm_actions | The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN). | list(string) | [] | no |
| lambda_enable_alarms | Set to true to enable alarms on the lambda function | bool | false | no |
| lambda_function_arn | ARN of the lambda function to use for secret rotation | string | n/a | yes |
| lambda_function_name | Name of the lambda function to use for secret rotation | string | n/a | yes |
| lambda_iam_role_name | Name of IAM role to associate to lambda function | string | n/a | yes |
| resource_tags | Tags to add to resources created by this module (where applicable) | map(string) | {} | no |
| secret_name | Name of secret to create and use for rotation | string | n/a | yes |
| secret_rotation_interval | Number of days between automatic secret rotation | number | 30 | no |

| Name | Description |
|---|---|
| lambda_secret_arn | The ARN of the secret created by this module |
| lambda_secret_name | The name of the secret created by this module |
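
A sketch of how the inputs and outputs listed above fit together, added here as an illustration and not taken from the module's own test directory. The module `source`, all resource names, the zip path, the runtime and the tag values are assumptions; only the variable and output names come from the tables above.

```hcl
# Added example. Everything except the module's variable and output names
# is a constructed placeholder.

resource "aws_iam_role" "rotator" {
  name = "example-secret-rotator"

  # Only the Lambda service may assume the rotation role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

resource "aws_lambda_function" "rotator" {
  function_name = "example-secret-rotator"
  role          = aws_iam_role.rotator.arn
  filename      = "rotator.zip"            # constructed path to the rotation code
  handler       = "rotator.lambda_handler" # hypothetical handler name
  runtime       = "python3.9"              # assumption: use a runtime your account supports
}

# Destination for rotation-failure alarms (hypothetical topic).
resource "aws_sns_topic" "rotation_alarms" {
  name = "example-rotation-alarms"
}

module "rotated_secret" {
  source = "<path-or-address-of-this-module>" # placeholder, not given on this page

  secret_name              = "example/service/api-key"
  secret_rotation_interval = 7 # days; the module default is 30

  lambda_function_arn  = aws_lambda_function.rotator.arn
  lambda_function_name = aws_lambda_function.rotator.function_name
  lambda_iam_role_name = aws_iam_role.rotator.name

  # Alarms are off by default; enable them so failed rotations are noticed.
  lambda_enable_alarms = true
  lambda_alarm_actions = [aws_sns_topic.rotation_alarms.arn]

  resource_tags = { owner = "security-engineering" }
}

output "rotated_secret_arn" {
  value = module.rotated_secret.lambda_secret_arn
}
```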