This repository contains the necessary Terraform configurations to deploy an Amazon RDS for PostgreSQL and all the supporting infrastructure components like Amazon VPC, Subnets, KMS keys, security group and IAM roles, automated via GitHub Actions. Code scanning is enabled via Bridgecrew Checkov.
The Lambda requires access to the Secrets Manager resource and RDS instance to rotate the password. Hence, it requires vpc_config{} with subnet_ids and security_group_ids. It also requires access to the Secrets Manager via aws_vpc_endpoint resource and appropriate aws_security_group_rule on port# 443.
Attach the managed policy AWSLambdaVPCAccessExecutionRole to the Lambda role.
kunduso
commented
2 months ago
The Lambda requires access to the Secrets Manager resource and RDS instance to rotate the password. Hence, it requires
vpc_config{}withsubnet_idsandsecurity_group_ids. It also requires access to the Secrets Manager viaaws_vpc_endpointresource and appropriateaws_security_group_ruleon port# 443. Attach the managed policyAWSLambdaVPCAccessExecutionRoleto the Lambda role.