This repository contains the Terraform configurations needed to deploy an Amazon RDS for PostgreSQL instance and its supporting infrastructure (Amazon VPC, subnets, KMS keys, security group and IAM roles), automated via GitHub Actions. Code scanning is enabled via Bridgecrew Checkov.
The Lambda requires access to the Secrets Manager resource and the RDS instance to rotate the password. Hence, it requires vpc_config{} with subnet_ids and security_group_ids. It also requires access to Secrets Manager via an aws_vpc_endpoint resource and an appropriate aws_security_group_rule on port 443.
Attach the managed policy AWSLambdaVPCAccessExecutionRole to the Lambda role.
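The wiring described above, as an added Terraform sketch that is not this repository's own code: every variable, resource name, runtime, handler and the zip path are assumptions, and the VPC, subnets, both security groups and the Lambda role are assumed to exist already.

```hcl
# Added example: all variable and resource names below are assumptions.
variable "region" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "lambda_sg_id" { type = string }   # security group of the rotation Lambda
variable "endpoint_sg_id" { type = string } # security group of the VPC endpoint
variable "lambda_role_name" { type = string }
variable "lambda_role_arn" { type = string }

# HTTPS only: egress from the Lambda SG to the endpoint SG, and the matching ingress.
resource "aws_security_group_rule" "https" {
  for_each = {
    egress  = [var.lambda_sg_id, var.endpoint_sg_id]
    ingress = [var.endpoint_sg_id, var.lambda_sg_id]
  }
  type                     = each.key
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = each.value[0]
  source_security_group_id = each.value[1]
}

# Interface endpoint so the Lambda reaches Secrets Manager without leaving the VPC.
resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.secretsmanager"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [var.endpoint_sg_id]
  private_dns_enabled = true
}

# Lets the Lambda create and delete its network interfaces in the VPC.
resource "aws_iam_role_policy_attachment" "vpc_access" {
  role       = var.lambda_role_name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}

resource "aws_lambda_function" "rotation" {
  function_name = "rds-secret-rotation"
  role          = var.lambda_role_arn
  runtime       = "python3.12"
  handler       = "lambda_function.lambda_handler"
  filename      = "rotation.zip"
  vpc_config {
    subnet_ids         = var.private_subnet_ids
    security_group_ids = [var.lambda_sg_id]
  }
}
```

The rule that lets the Lambda security group reach the RDS instance on its database port is not shown here and is needed as well for rotation to succeed.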