jenkins-x / terraform-aws-eks-jx

A Terraform module for creating Jenkins X infrastructure on AWS
Apache License 2.0
63 stars 42 forks

Secrets manager: list of secrets to allow to retrieve should be configurable #294

Closed babadofar closed 3 years ago

babadofar commented 3 years ago

The list of secrets to allow to retrieve from the secrets manager is currently fixed. This makes it hard to use with custom pre-existing secrets. Should be configurable.

https://github.com/jenkins-x/terraform-aws-eks-jx/blob/master/modules/cluster/irsa.tf#L399

```hcl
resources = [
  "arn:${data.aws_partition.current.partition}:secretsmanager:${var.region}:${local.project}:secret:secret/data/lighthouse/*",
  "arn:${data.aws_partition.current.partition}:secretsmanager:${var.region}:${local.project}:secret:secret/data/jx/*",
  "arn:${data.aws_partition.current.partition}:secretsmanager:${var.region}:${local.project}:secret:secret/data/nexus/*"
]
```
ankitm123 commented 3 years ago

Can't u set create_asm_role to false, and use your own custom role? That way, u can use customized roles (for example add cross account access etc ...)

babadofar commented 3 years ago

Yes, that would be a nice option. But then again, it complicates things somewhat.
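One way the resource list could be driven by a variable instead of being hard-coded, as an added example and not code from the terraform-aws-eks-jx module: a list of Secrets Manager path prefixes, validated to reject blanket wildcards, expanded with a `for` expression into the policy document. The variable, data source and resource names are assumed; `data.aws_partition.current`, `var.region` and `local.project` mirror the snippet in the issue. The same policy document could also be attached to a user-supplied role when `create_asm_role` is set to false.

```hcl
# Constructed example (not the module's own code). Assumed names:
# var.secrets_manager_path_prefixes, data.aws_iam_policy_document.secrets_manager_read,
# aws_iam_policy.secrets_manager_read. data.aws_partition.current, var.region and
# local.project follow the ARN layout used in the issue.

variable "secrets_manager_path_prefixes" {
  description = "Secrets Manager name prefixes the cluster role may read (no trailing '*')"
  type        = list(string)
  # Defaults reproduce the three paths the module currently hard-codes.
  default     = ["secret/data/lighthouse/", "secret/data/jx/", "secret/data/nexus/"]

  validation {
    # Refuse an empty or wildcard prefix so the role cannot be widened to every secret.
    condition     = alltrue([for p in var.secrets_manager_path_prefixes : p != "" && p != "*"])
    error_message = "Each prefix must be a non-empty secret path, not a bare wildcard."
  }
}

data "aws_iam_policy_document" "secrets_manager_read" {
  statement {
    sid     = "ReadConfiguredSecrets"
    effect  = "Allow"
    actions = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]

    # One ARN per configured prefix. The trailing '*' is appended here, because
    # Secrets Manager appends a random suffix to every secret ARN, and appending
    # it in code keeps callers from widening the scope beyond a path prefix.
    resources = [
      for p in var.secrets_manager_path_prefixes :
      "arn:${data.aws_partition.current.partition}:secretsmanager:${var.region}:${local.project}:secret:${p}*"
    ]
  }
}

resource "aws_iam_policy" "secrets_manager_read" {
  name   = "${local.project}-secrets-manager-read"
  policy = data.aws_iam_policy_document.secrets_manager_read.json
}
```

`terraform plan` fails at validation time if a prefix is empty or `*`, so a misconfigured module input never reaches the IAM API.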