Closed varianytsia closed 1 year ago
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue was automatically closed because of stale in 10 days
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Is your request related to a new offering from AWS?
Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.
Is your request related to a problem? Please describe.
Would be nice to have a possibility to refer to `secrets_manager_arn` and `secrets_manager_access_role_arn` from an endpoint within a "database_migration_service" module as is allowed in `aws_dms_endpoint` of AWS provider.

When I comment out `username`, `password`, `port`, `server_name` within modules' endpoint, and try to pass `secrets_manager_arn` and `secrets_manager_access_role_arn` instead I get the next error:

`InvalidParameterValueException: The parameter Password must be provided and must not be blank.`

If I leave `username`, `password`, `port`, `server_name` populated, infrastructure is deployed successfully but the values for `secrets_manager_arn` and `secrets_manager_access_role_arn` are ignored and are not present in remote state file on s3 bucket.

Also there is no way for DMS instance to assume a role for getting a secret protected by policy, which is not secure.
Describe the solution you'd like.
Would like to have a possibility to use `secrets_manager_access_role_arn` to be able to refer to a secret protected by some policy. Would like to use `secrets_manager_arn` instead of `username`, `password`, `port`, `server_name`, which refer to Secrets Manager in a much more verbose way:

```hcl
data "aws_secretsmanager_secret" "aurora_password_secret" {
  arn = var.aurora_secret_arn
}

data "aws_secretsmanager_secret_version" "aurora_password_secret_version" {
  secret_id = data.aws_secretsmanager_secret.aurora_password_secret.id
}

locals {
  db_creds = jsondecode(data.aws_secretsmanager_secret_version.aurora_password_secret_version.secret_string)
}

module "database_migration_service" {
  ...
  endpoints = {
    source = {
      ...
      username    = local.db_creds.username
      password    = local.db_creds.password
      port        = local.db_creds.port
      server_name = local.db_creds.host
    }
  }
}
```
Describe alternatives you've considered.
Also tried to provide `"secretsManagerSecretId=my_secret_arn; secretsManagerAccessRoleArn=my_secret_access_role_arn"` via `extra_connection_attributes` with commenting out `username`, `password`, `port`, `server_name` but had the same error as above.

Additional context
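
For comparison with the data-source workaround quoted in the issue, this is one way to declare the endpoint directly with the AWS provider's `aws_dms_endpoint` resource, so that DMS reads the credentials itself and only ARNs pass through Terraform plan and state. It is an added example, not part of the original issue or the module's code; the variable names, resource names, role name and the `aurora` engine are assumptions.

```hcl
# Added example. All names and the engine below are assumptions.
variable "aws_region" { type = string }
variable "aurora_secret_arn" { type = string }

# Trust policy: only the DMS service in this region may assume the role.
# AWS DMS documents the regional principal dms.<region>.amazonaws.com for this.
data "aws_iam_policy_document" "dms_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["dms.${var.aws_region}.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "dms_secret_access" {
  name               = "dms-secret-access" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.dms_assume.json
}

# Least privilege: the role can read this one secret and nothing else.
# A secret encrypted with a customer managed KMS key also needs
# kms:Decrypt on that key.
data "aws_iam_policy_document" "read_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]
    resources = [var.aurora_secret_arn]
  }
}

resource "aws_iam_role_policy" "read_secret" {
  name   = "read-aurora-secret" # hypothetical name
  role   = aws_iam_role.dms_secret_access.id
  policy = data.aws_iam_policy_document.read_secret.json
}

# No username/password/port/server_name here: DMS resolves them from the
# secret at connection time by assuming the role above.
resource "aws_dms_endpoint" "source" {
  endpoint_id   = "aurora-source" # hypothetical identifier
  endpoint_type = "source"
  engine_name   = "aurora"

  secrets_manager_arn             = var.aurora_secret_arn
  secrets_manager_access_role_arn = aws_iam_role.dms_secret_access.arn
}
```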