The module provisions the secret, its initial version, and the rotation rule which relies of defined AWS Lambda function.
Name | Version |
---|---|
aws | ~> 4.0 |
null | 3.2.1 |
Name | Version |
---|---|
aws | ~> 4.0 |
local | n/a |
null | 3.2.1 |
No modules.
Name | Type |
---|---|
aws_cloudwatch_log_group.this | resource |
aws_iam_policy.this | resource |
aws_iam_role.this | resource |
aws_iam_role_policy_attachment.lambda_neon | resource |
aws_lambda_function.this | resource |
aws_lambda_permission.secretsmanager | resource |
aws_secretsmanager_secret.this | resource |
aws_secretsmanager_secret_rotation.this | resource |
aws_secretsmanager_secret_version.this | resource |
null_resource.this | resource |
local_file.this | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
debug_mode | Activate debug level logs | bool |
false |
no |
default_tags | Default tags | map(string) |
{} |
no |
kms_key_arn_admin | ARN of the KMS key used to encrypt the admin secret specified by var.token_arn | string |
"" |
no |
kms_key_id | ARN of the KMS key to encrypt the secrets defined by var.user_credentials | string |
"" |
no |
region | AWS Region to provision the secrets and lambda function | string |
n/a | yes |
rotate_after_days | How many days shall lapse to rotate the secret since the moment of its creation | number |
1 |
no |
token_arn | ARN of the secret with the Neon token to use to rotate the user's access credentials Note that the secret shall be of the format {"token": "API-TOKEN"} |
string |
n/a | yes |
user_credentials | Neon user's access credential Example: [{ project_id = "myproject" branch_id = "br-mybranch" host = "myendpointuri dbname = "mydb" user = "myuser" password = "foobarbaz" }] |
list(object({ |
n/a | yes |
Name | Description |
---|---|
lambda_arn | ARN of the AWS Lambda used to rotate credentials |
user_credentials | Map of the users credentials { "{{ .project_id }}-{{ .branch_id }}-{{ .dbname }}-{{ .user }}" : {{ .credentials_arn }} } |