giuseppeborgese / terraform-aws-secret-manager-with-rotation

This module will create all the resources to store and rotate a MySQL or Aurora password using the AWS Secrets Manager service.
MIT License

Feature Request - Making the Secret an Output (RDS Proxy dependency), and Updating System Manager Parameters on rotation #8

Open Simonl9l opened 3 years ago

Simonl9l commented 3 years ago

Hi

In general it works well; however, in the context of using Terraform to set up an RDS Proxy, I need to supply it the ARNs of the secret(s) in auth blocks.

What would it take to expose the secret as an output such that it can be referenced in other TF configuration?

Additionally, I'd also like to synchronize the secret value in some scenarios to the System Manager Parameter Store, as this is used for configuration of my underlying services (it's much more cost efficient - we're only using the Secret Manager as it's a requirement for RDS Proxy).

Whilst with the output I can set up the initial value, once the rotation occurs, I'd need to also update the system parameter.

Perhaps there is a way to define rotation targets, system manager for example another?

Thanks!

giuseppeborgese commented 3 years ago

I think the output is quickly doable. For the others, an optional approach is better instead: if the parameter to set up that password (or change the target) is specified, it is used; otherwise it works as before. Create a pull request with all the changes and I'll approve it.

Simonl9l commented 3 years ago

@giuseppeborgese - dropping the need to sync with other things (system manager)...when would an update possibly be available to support the export of the secret arn as an output such that it can be included in the RDS Proxy configuration, auth block?

I have zero experience of writing TF plugins, so hope that this is something that you might be able to do per the "quickly doable" comment? I'm sure this would be very valuable to other RDS Proxy users!
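The wiring requested in this thread, as an added example that is not part of the thread or of the module's own code: an output exposing the secret ARN, consumed by an RDS Proxy `auth` block and by an IAM policy scoped to that one secret. The resource name `aws_secretsmanager_secret.secret`, the `db_secret` module label, the source placeholder, the variable and all `example-` names are assumptions.

```hcl
# --- inside the module (assumed resource name; the module's real one may differ) ---
output "secret_arn" {
  description = "ARN of the rotated Secrets Manager secret"
  value       = aws_secretsmanager_secret.secret.arn
}

# --- in the calling configuration (all names below are illustrative) ---
variable "proxy_subnet_ids" { type = list(string) }

module "db_secret" {
  source = "<module source>" # placeholder; pass the module's existing inputs here
}

resource "aws_iam_role" "proxy" {
  name = "example-rds-proxy"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "rds.amazonaws.com" }
    }]
  })
}

# Least privilege: the proxy role may read only this secret.
# A secret encrypted with a customer-managed KMS key also needs kms:Decrypt on that key.
resource "aws_iam_role_policy" "proxy_secret" {
  name = "example-read-db-secret"
  role = aws_iam_role.proxy.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "secretsmanager:GetSecretValue"
      Resource = module.db_secret.secret_arn
    }]
  })
}

resource "aws_db_proxy" "example" {
  name           = "example-proxy"
  engine_family  = "MYSQL"
  role_arn       = aws_iam_role.proxy.arn
  vpc_subnet_ids = var.proxy_subnet_ids
  require_tls    = true
  auth {
    auth_scheme = "SECRETS"
    secret_arn  = module.db_secret.secret_arn
  }
}
```

Because the proxy reads the secret by ARN at connection time, a rotation performed by the module does not require any change to this configuration.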