Closed bcarranza closed 1 year ago
Creates a modules to new aws secret manager + kms
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_kms_key.this[0] will be created + resource "aws_kms_key" "this" { + arn = (known after apply) + bypass_policy_lockout_safety_check = false + customer_master_key_spec = "SYMMETRIC_DEFAULT" + deletion_window_in_days = 30 + description = "AmazonMSK_dp-dev-kafka-user-kms" + enable_key_rotation = false + id = (known after apply) + is_enabled = true + key_id = (known after apply) + key_usage = "ENCRYPT_DECRYPT" + multi_region = (known after apply) + policy = (known after apply) + tags = { + "ops_env" = "dp-dev" + "ops_managed_by" = "terraform" + "ops_owners" = "devops" + "ops_source_repo" = "gruntwork-infrastructure-live" + "ops_source_repo_path" = "dp-dev/us-west-2/dp-dev/dataplatform/0250-secret-manager-kafka-user" } + tags_all = { + "ops_env" = "dp-dev" + "ops_managed_by" = "terraform" + "ops_owners" = "devops" + "ops_source_repo" = "gruntwork-infrastructure-live" + "ops_source_repo_path" = "dp-dev/us-west-2/dp-dev/dataplatform/0250-secret-manager-kafka-user" } } # aws_secretsmanager_secret.this will be created + resource "aws_secretsmanager_secret" "this" { + arn = (known after apply) + description = "AmazonMSK_dp-dev-kafka-user in order to connect EMR to Kafka" + force_overwrite_replica_secret = false + id = (known after apply) + kms_key_id = (known after apply) + name = "AmazonMSK_dp-dev-kafka-user" + name_prefix = (known after apply) + policy = (known after apply) + recovery_window_in_days = 30 + rotation_enabled = (known after apply) + rotation_lambda_arn = (known after apply) + tags = { + "ops_env" = "dp-dev" + "ops_managed_by" = "terraform" + "ops_owners" = "devops" + "ops_source_repo" = "gruntwork-infrastructure-live" + "ops_source_repo_path" = "dp-dev/us-west-2/dp-dev/dataplatform/0250-secret-manager-kafka-user" } + tags_all = { + "ops_env" = "dp-dev" + "ops_managed_by" = "terraform" + "ops_owners" = "devops" + "ops_source_repo" = "gruntwork-infrastructure-live" + "ops_source_repo_path" = "dp-dev/us-west-2/dp-dev/dataplatform/0250-secret-manager-kafka-user" } + replica { + kms_key_id = (known after apply) + last_accessed_date = (known after apply) + region = (known after apply) + status = (known after apply) + status_message = (known after apply) } + rotation_rules { + automatically_after_days = (known after apply) + duration = (known after apply) + schedule_expression = (known after apply) } } Plan: 2 to add, 0 to change, 0 to destroy. Changes to Outputs: + secret_arn = (known after apply) + secret_id = (known after apply) ───────────────────────────────────────────────────────────────────────────── Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. Releasing state lock. This may take a few moments...
https://github.com/exact-payments/gruntwork-infrastructure-live/pull/1608/files#diff-5fa1aa009548ff8bae18ba76830e6edde43bc7cff712aa5bb42b3916fe362ee8R12
What
Creates a modules to new aws secret manager + kms
Evidence in aws console
Plan
Where I am using this branch
https://github.com/exact-payments/gruntwork-infrastructure-live/pull/1608/files#diff-5fa1aa009548ff8bae18ba76830e6edde43bc7cff712aa5bb42b3916fe362ee8R12