Forked from https://github.com/JCapriotti/terraform-aws-rds-secret-rotation
A Terraform module that creates an AWS Secrets Manager secret for RDS.
- Creates the secret in the format required by RDS.
- Supports PostgreSQL; other engines are easy to add.

Combining this module with terraform-aws-rds-secret-rotation-function is recommended to enable rotation.

```hcl
module "root_user" {
  source = "git::https://bitbucket.org/perxhealth/terraform-aws-rds-secret-rotation"

  db_cluster_identifier = "my-db"
  engine                = "postgres"
  host                  = "my-db.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com"
  name_prefix           = "my-db-"
  port                  = 5432
  username              = "root"
  password              = "SomethingSecret!" # placeholder value; pass a sensitive variable instead of a literal
}
```

Name | Description | Type | Default | Required |
---|---|---|---|---|
db_cluster_identifier | The DB cluster identifier. | string | | yes |
db_security_group_id | The security group ID for the database. Required for secret rotation. | string | null | no |
engine | The database engine type. | string | | yes |
host | The host name of the database instance. | string | | yes |
master_secret_arn | The superuser credentials used to update another secret in the multiuser rotation strategy. Required when using the multiuser rotation strategy. | string | null | no |
name_prefix | The prefix for names of created resources. | string | | yes |
password | The password for the user. | string | | yes |
secret_recovery_window_days | The number of days that Secrets Manager waits before deleting a secret. | number | 0 | no |
tags | Tags to use for created resources. | map(string) | {} | no |
username | The username. | string | | yes |

Name | Description |
---|---|
secret_arn | The ARN of the secret that was created. |
secret_name | The name of the secret that was created. |
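
The inputs and outputs above can be wired together for the multiuser rotation strategy without a literal password in the configuration. This is an added example, not code from the module's repository: the variable, resource and module names, the `app` username and the 7-day recovery window are assumptions, and the module source is the repository named in the usage block.

```hcl
# Added example: variable, resource and module names are illustrative.
variable "root_password" {
  type      = string
  sensitive = true # supply via TF_VAR_root_password, not a committed .tfvars file
}

variable "db_security_group_id" {
  type = string
}

# Generated password for the application user (hashicorp/random provider).
# The value is still written to Terraform state, so the state backend must be
# encrypted and access-controlled.
resource "random_password" "app" {
  length           = 32
  override_special = "!#$%^&*()-_=+" # constructed set: no quotes, '/', '@' or spaces
}

module "root_user" {
  source                      = "git::https://bitbucket.org/perxhealth/terraform-aws-rds-secret-rotation"
  db_cluster_identifier       = "my-db"
  engine                      = "postgres"
  host                        = "my-db.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com"
  name_prefix                 = "my-db-root-"
  port                        = 5432
  username                    = "root"
  password                    = var.root_password
  db_security_group_id        = var.db_security_group_id
  secret_recovery_window_days = 7 # documented default is 0
}

module "app_user" {
  source                      = "git::https://bitbucket.org/perxhealth/terraform-aws-rds-secret-rotation"
  db_cluster_identifier       = "my-db"
  engine                      = "postgres"
  host                        = "my-db.cluster-xxxxxxxx.us-east-1.rds.amazonaws.com"
  name_prefix                 = "my-db-app-"
  port                        = 5432
  username                    = "app" # hypothetical application user
  password                    = random_password.app.result
  db_security_group_id        = var.db_security_group_id
  master_secret_arn           = module.root_user.secret_arn # superuser secret used in multiuser rotation
  secret_recovery_window_days = 7
}

output "app_secret_arn" {
  value = module.app_user.secret_arn # hand this ARN to the application, not the password
}
```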