/terraform-neon-user-credentials-aws

Terraform module to maintain users' credentials using AWS Secrets Manager

Primary language: HCL. License: MIT.

Terraform module to manage credentials of Neon users using AWS Secrets Manager

The module provisions the secret, its initial version, and the rotation rule, which relies on a defined AWS Lambda function.

Requirements

Name Version
aws ~> 4.0
null 3.2.1

Providers

Name Version
aws ~> 4.0
local n/a
null 3.2.1

Modules

No modules.

Resources

Name Type
aws_cloudwatch_log_group.this resource
aws_iam_policy.this resource
aws_iam_role.this resource
aws_iam_role_policy_attachment.lambda_neon resource
aws_lambda_function.this resource
aws_lambda_permission.secretsmanager resource
aws_secretsmanager_secret.this resource
aws_secretsmanager_secret_rotation.this resource
aws_secretsmanager_secret_version.this resource
null_resource.this resource
local_file.this data source

Inputs

Name Description Type Default Required
debug_mode Activate debug level logs bool false no
default_tags Default tags map(string) {} no
kms_key_arn_admin ARN of the KMS key used to encrypt the admin secret specified by var.token_arn string "" no
kms_key_id ARN of the KMS key to encrypt the secrets defined by var.user_credentials string "" no
region AWS Region to provision the secrets and lambda function string n/a yes
rotate_after_days Number of days that shall elapse after the secret's creation before it is rotated number 1 no
token_arn ARN of the secret with the Neon token to use to rotate the user's access credentials. Note that the secret shall be of the format {"token": "API-TOKEN"} string n/a yes
user_credentials Neon user's access credential
Example:
  [{
    project_id = "myproject"
    branch_id  = "br-mybranch"
    host       = "myendpointuri"
    dbname     = "mydb"
    user       = "myuser"
    password   = "foobarbaz"
  }]
Type:
  list(object({
    # Neon project id, see details: https://neon.tech/docs/manage/projects/
    project_id = string
    # Neon branch, see details: https://neon.tech/docs/introduction/branching/
    branch_id  = string
    # Endpoint URI to access database, see details: https://neon.tech/docs/manage/endpoints/
    host       = string
    dbname     = string
    user       = string
    password   = string
  }))
n/a yes

Outputs

Name Description
lambda_arn ARN of the AWS Lambda used to rotate credentials
user_credentials Map of the users' credentials
{ "{{ .project_id }}-{{ .branch_id }}-{{ .dbname }}-{{ .user }}" : {{ .credentials_arn }} }
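
A usage example wiring the inputs and outputs listed above, added here and not taken from the module's repository. The module source is a placeholder; the variable names, secret name, KMS key, region and rotation interval are assumptions, as is the module accepting a sensitive value for the password.

```hcl
variable "neon_api_token" { # assumed variable name
  type      = string
  sensitive = true
}

variable "neon_initial_password" { # assumed variable name
  type      = string
  sensitive = true # assumed: the module accepts a sensitive value here
}

resource "aws_kms_key" "neon" { # assumed: one key for both kinds of secret
  description         = "Neon credentials"
  enable_key_rotation = true
}

# Admin secret in the format the module requires: {"token": "API-TOKEN"}
resource "aws_secretsmanager_secret" "neon_token" {
  name       = "neon/api-token" # assumed name
  kms_key_id = aws_kms_key.neon.arn
}

resource "aws_secretsmanager_secret_version" "neon_token" {
  secret_id     = aws_secretsmanager_secret.neon_token.id
  secret_string = jsonencode({ token = var.neon_api_token })
}

module "neon_credentials" {
  source            = "<MODULE_SOURCE>" # placeholder: path or address of this module
  region            = "eu-west-1"       # assumed region
  token_arn         = aws_secretsmanager_secret.neon_token.arn
  kms_key_arn_admin = aws_kms_key.neon.arn
  kms_key_id        = aws_kms_key.neon.arn
  rotate_after_days = 7 # assumed interval; the module default is 1

  user_credentials = [{
    project_id = "myproject"
    branch_id  = "br-mybranch"
    host       = "myendpointuri"
    dbname     = "mydb"
    user       = "myuser"
    password   = var.neon_initial_password # kept out of the configuration files
  }]
}

# Output keys follow "<project_id>-<branch_id>-<dbname>-<user>".
output "myuser_secret_arn" {
  value = module.neon_credentials.user_credentials["myproject-br-mybranch-mydb-myuser"]
}
```

The API token and the initial password are still written to the Terraform state, so the state backend needs the same access controls as the secrets themselves.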