是否可以使用terraform在AWS secrets manager中设置多用户秘密轮换?
。。。考虑到地形的现有能力(v.3.23.0) 或者在撰写本文时,它还没有在地形中可用?显然,这可以在AWS UI中完成,但我对在TF中编写脚本感兴趣 我有一个在AWS secrets manager中旋转单个秘密的简单示例,但是如果我在AWS仪表板中编辑与该秘密相关联的创建的旋转,则无法将其设置为多用户旋转——UI根本不会将其显示为选项是否可以使用terraform在AWS secrets manager中设置多用户秘密轮换?,terraform,aws-secrets-manager,Terraform,Aws Secrets Manager,。。。考虑到地形的现有能力(v.3.23.0) 或者在撰写本文时,它还没有在地形中可用?显然,这可以在AWS UI中完成,但我对在TF中编写脚本感兴趣 我有一个在AWS secrets manager中旋转单个秘密的简单示例,但是如果我在AWS仪表板中编辑与该秘密相关联的创建的旋转,则无法将其设置为多用户旋转——UI根本不会将其显示为选项 resource "aws_secretsmanager_secret_rotation" "rds_postgres
resource "aws_secretsmanager_secret_rotation" "rds_postgres_key_rotation" {
secret_id = aws_secretsmanager_secret.rotation_example.id
rotation_lambda_arn = aws_serverlessapplicationrepository_cloudformation_stack.postgres_rotator.outputs["RotationLambdaARN"]
rotation_rules {
automatically_after_days = 1
}
}
resource "aws_secretsmanager_secret" "rotation_example" {
name = "normalusersecret"
kms_key_id = aws_kms_key.my_key.id
}
resource "aws_serverlessapplicationrepository_cloudformation_stack" "postgres_rotator" {
name = "postgres-rotator"
application_id = "arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationMultiUser"
capabilities = [
"CAPABILITY_IAM",
"CAPABILITY_RESOURCE_POLICY",
]
parameters = {
functionName = "func-postgres-rotator"
#endpoint = "secretsmanager.${data.aws_region.current.name}.${data.aws_partition.current.dns_suffix}"
endpoint = "secretsmanager.us-east-1.lambda.amazonaws.com"
}
}
似乎SecretsManager只是检查masterarn密钥的秘密值JSON。如果该键存在,则会翻转多用户单选按钮 e、 g 单用户
resource "aws_secretsmanager_secret_version" "example" {
secret_id = aws_secretsmanager_secret.example.id
secret_string = tostring(jsonencode({
password = "password"
username = "user"
}))
}
多用户
resource "aws_secretsmanager_secret_version" "example" {
secret_id = aws_secretsmanager_secret.example.id
secret_string = tostring(jsonencode({
masterarn = aws_secretsmanager_secret.master.arn
password = "password"
username = "user"
}))
}