kunduso / rds-secretsmanager-rotation-lambda-terraform

This repository contains the necessary Terraform configurations to deploy an Amazon RDS for PostgreSQL and all the supporting infrastructure components like Amazon VPC, Subnets, KMS keys, security group and IAM roles, automated via GitHub Actions. Code scanning is enabled via Bridgecrew Checkov.
https://skundunotes.com/2024/09/18/create-amazon-rds-for-postgresql-db-using-terraform-and-github-actions/
The Unlicense

Host Lambda inside a VPC #12

Open kunduso opened 2 months ago

kunduso commented 2 months ago

The Lambda requires access to the Secrets Manager resource and the RDS instance to rotate the password. Hence, it requires vpc_config{} with subnet_ids and security_group_ids. It also requires access to the Secrets Manager via an aws_vpc_endpoint resource and an appropriate aws_security_group_rule on port 443. Attach the managed policy AWSLambdaVPCAccessExecutionRole to the Lambda role.

kunduso commented 2 months ago

More info at https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AWSLambdaVPCAccessExecutionRole.html
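The pieces listed in this issue, sketched in Terraform as an added example that is not code from this repository: the Lambda's vpc_config, an interface endpoint for Secrets Manager, the port 443 rules between the two security groups, and the managed policy attachment. Every variable, resource name and Lambda setting below is an assumption; the matching pair of rules between the Lambda and the RDS security group on the database port is also needed and is not shown.

```hcl
# Added example: every variable, resource name and Lambda setting here is hypothetical.
variable "region" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "lambda_role_name" { type = string } # existing rotation Lambda role
variable "lambda_role_arn" { type = string }
# Terraform removes the default allow-all egress rule on groups it creates,
# so only the 443 path declared below is open.
resource "aws_security_group" "lambda" { vpc_id = var.vpc_id }
resource "aws_security_group" "endpoint" { vpc_id = var.vpc_id }
resource "aws_security_group_rule" "lambda_to_endpoint" {
  type                     = "egress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = aws_security_group.lambda.id
  source_security_group_id = aws_security_group.endpoint.id
}
resource "aws_security_group_rule" "endpoint_from_lambda" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = aws_security_group.endpoint.id
  source_security_group_id = aws_security_group.lambda.id
}
resource "aws_vpc_endpoint" "secretsmanager" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.secretsmanager"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = true # the SDK's default hostname resolves to the endpoint
}
resource "aws_iam_role_policy_attachment" "vpc_access" {
  role       = var.lambda_role_name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}
resource "aws_lambda_function" "rotation" {
  function_name = "secret-rotation"
  role          = var.lambda_role_arn
  filename      = "rotation.zip" # placeholder deployment package
  handler       = "lambda_function.lambda_handler"
  runtime       = "python3.12"
  vpc_config {
    subnet_ids         = var.private_subnet_ids
    security_group_ids = [aws_security_group.lambda.id]
  }
}
```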