README.md
+22-14
@@ -32,11 +32,18 @@ in a VPC. Supported engines are `postgres` and `mysql`. A newly created user, or
32
32
don't need a new user) will be granted all permissions to created database.
33
33
34
34
**Features**:
35
-
- Master user password as well as new user password can be passed to the module either via variables or via SSM
36
-
Parameters (**preferred**).
35
+
- Master user password as well as new user password can be passed to the module either via
36
+
- Module variables
37
+
- Parameters in SSM Parameter Store (**Recommended!**)
38
+
- Secrets in Secrets Manager (**Recommended!**)
37
39
- Lambda function execution logs are shipped to Cloudwatch.
38
40
- No database or user will be created if they are already exist.
39
41
42
+
**Notes on using secrets from AWS Secrets Manager**:
43
+
- When [referencing secrets stored in Secrets Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-ps-secretsmanager.html),
44
+
the `/aws/reference/secretsmanager` prefix must be used
45
+
- A secret must contain password in the `password` field or be a plain-text secret
46
+
40
47
**Caveats**:
41
48
- This lambda function needs internet access in order to comminitcate with AWS API. You need to associate this
42
49
function with one or more private subnets in your VPC and make sure that their routing tables have a default
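Review bot: The two new Secrets Manager notes do not say which inputs accept the `/aws/reference/secretsmanager` path. The inputs table in this file only lists `db_master_password_ssm_param` and `db_user_password_ssm_param`, so the reader has to guess that a secret reference goes into those; name them in the note and show one example value with a placeholder secret name. In the second bullet, "must contain password" needs an article ("must contain the password"), and it should say what kind of secret the `password` field refers to, since the only alternative given is a plain-text secret.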
@@ -49,10 +56,9 @@ don't need a new user) will be granted all permissions to created database.
49
56
security groups and/or subnets.
50
57
More context: [Corresponding issue on github](https://github.com/terraform-providers/terraform-provider-aws/issues/10329)
51
58
52
-
**TODOs**:
53
-
- Support SSL connections to RDS
54
-
- Switch to Circle CI for CI/CD pipelines
55
-
- Pack source code to a ZIP file (?)
59
+
**Backlog**:
60
+
[] Support SSL connections to RDS
61
+
[] Switch to Circle CI for CI/CD pipelines
56
62
57
63
This module is backed by best of breed terraform modules maintained by [Cloudposse](https://github.com/cloudposse).
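Review bot: The new Backlog entries are written as `[] Support SSL connections to RDS`, with no list marker and no space inside the brackets, so Markdown will not render them as checkboxes and the two lines will run together as one paragraph. README.yaml in this same commit uses `[ ]`, so the two files also disagree. Use `- [ ] Support SSL connections to RDS` and `- [ ] Switch to Circle CI for CI/CD pipelines` in both.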
| db\_instance\_security\_group\_id | DB instance security group to add rules to. Rules will allow communication between Lambda and DB instance |`string`|`null`| no |
180
186
| db\_master\_password | DB Instance master password. The usage of this parameter is discouraged. Consider putting db password in SSM Parameter Store and passing its ARN to the module via `db_master_password_ssm_parameter_arn` parameter |`string`|`null`| no |
181
-
| db\_master\_password\_ssm\_param | Name of SSM Parameter that stores password for master user. This param takes precendence other `db_master_password`|`string`|`null`| no |
187
+
| db\_master\_password\_ssm\_param | Name of SSM Parameter that stores password for master user. This param takes precedence other `db_master_password`|`string`|`null`| no |
182
188
| db\_master\_password\_ssm\_param\_kms\_key | Identifier of KMS key used for encryption of SSM Parameter that stores password for master user |`string`|`null`| no |
183
189
| db\_name | Database name that should be created |`string`| n/a | yes |
184
-
| db\_user | Name of user that should be created and own (has all persmiison to) the provisioned database. If left empty, no user will be created |`string`|`null`| no |
185
-
| db\_user\_password | Password for the user that should be created and own (has all persmiison to) the provisioned database. Ignored if `db_user` is set to null |`string`|`null`| no |
186
-
| db\_user\_password\_ssm\_param | Name of SSM Parameter that stores password for provisioned user. This param takes precendence other `db_user_password`|`string`|`null`| no |
190
+
| db\_user | Name of user that should be created and own (has all permission to) the provisioned database. If left empty, no user will be created |`string`|`null`| no |
191
+
| db\_user\_password | Password for the user that should be created and own (has all permission to) the provisioned database. Ignored if `db_user` is set to null |`string`|`null`| no |
192
+
| db\_user\_password\_ssm\_param | Name of SSM Parameter that stores password for provisioned user. This param takes precedence other `db_user_password`|`string`|`null`| no |
187
193
| db\_user\_password\_ssm\_param\_kms\_key | Identifier of KMS key used for encryption of SSM Parameter that stores password for provisioned user |`string`|`null`| no |
188
194
| delimiter | Delimiter to be used between `namespace`, `name`, `stage` and `attributes`|`string`|`"-"`| no |
189
195
| enabled | Defines whether this module should create resources |`bool`|`true`| no |
190
196
| invoke | Defines whether lambda function should be invoked immediately after provisioning |`bool`|`true`| no |
191
-
| kms\_key | KMS key identifier. Acceptes the same format as KMS key data source (https://www.terraform.io/docs/providers/aws/d/kms_key.html). If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. |`string`|`null`| no |
197
+
| kms\_key | KMS key identifier. Accepts the same format as KMS key data source (https://www.terraform.io/docs/providers/aws/d/kms_key.html). If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. |`string`|`null`| no |
192
198
| logs\_kms\_key\_id | KMS Key Id for Lambda function logs ecnryption |`string`|`null`| no |
193
199
| logs\_retention\_days | Lambda function logs retentions in days |`number`|`null`| no |
194
200
| memory | Amount of memory in MB your Lambda Function can use at runtime |`number`|`256`| no |
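Review bot: The unchanged `db_master_password` row tells users to pass the secret via `db_master_password_ssm_parameter_arn`, but the input in the very next row is named `db_master_password_ssm_param`; fix that reference while touching this table. The spelling fixes are also incomplete: the corrected rows still read "takes precedence other `db_master_password`" and "takes precedence other `db_user_password`" where "over" is meant, "has all permission to" should be "has all permissions on", and the `logs_kms_key_id` row still says "ecnryption". Since this commit documents Secrets Manager references, the two `*_ssm_param` descriptions should mention that a `/aws/reference/secretsmanager` path is accepted there.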
README.yaml
+14-6
@@ -48,11 +48,18 @@ introduction: |-
48
48
don't need a new user) will be granted all permissions to created database.
49
49
50
50
**Features**:
51
-
- Master user password as well as new user password can be passed to the module either via variables or via SSM
52
-
Parameters (**preferred**).
51
+
- Master user password as well as new user password can be passed to the module either via
52
+
- Module variables
53
+
- Parameters in SSM Parameter Store (**Recommended!**)
54
+
- Secrets in Secrets Manager (**Recommended!**)
53
55
- Lambda function execution logs are shipped to Cloudwatch.
54
56
- No database or user will be created if they are already exist.
55
57
58
+
**Notes on using secrets from AWS Secrets Manager**:
59
+
- When [referencing secrets stored in Secrets Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-ps-secretsmanager.html),
60
+
the `/aws/reference/secretsmanager` prefix must be used
61
+
- A secret must contain password in the `password` field or be a plain-text secret
62
+
56
63
**Caveats**:
57
64
- This lambda function needs internet access in order to comminitcate with AWS API. You need to associate this
58
65
function with one or more private subnets in your VPC and make sure that their routing tables have a default
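Review bot: In the new sub-list, "Module variables" sits beside two options marked "(**Recommended!**)" with nothing to show it is the discouraged one, although the `db_master_password` row in README.md says "The usage of this parameter is discouraged". The old wording made the preference explicit with "(**preferred**)"; keep that signal, for example "- Module variables (discouraged)". The lead-in "either via" now introduces three options, so drop "either". The context lines around this hunk still carry "comminitcate" and "if they are already exist", which could be fixed in the same pass.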
@@ -65,10 +72,9 @@ introduction: |-
65
72
security groups and/or subnets.
66
73
More context: [Corresponding issue on github](https://github.com/terraform-providers/terraform-provider-aws/issues/10329)
67
74
68
-
**TODOs**:
69
-
- Support SSL connections to RDS
70
-
- Switch to Circle CI for CI/CD pipelines
71
-
- Pack source code to a ZIP file (?)
75
+
**Backlog**:
76
+
[ ] Support SSL connections to RDS
77
+
[ ] Switch to Circle CI for CI/CD pipelines
72
78
73
79
This module is backed by best of breed terraform modules maintained by [Cloudposse](https://github.com/cloudposse).
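Review bot: The TODO "Pack source code to a ZIP file (?)" disappears in the rename to Backlog, and nothing in the visible change says whether it was done or dropped; keep the item or state which it was in the commit message. The two remaining entries, `[ ] Support SSL connections to RDS` and `[ ] Switch to Circle CI for CI/CD pipelines`, need a leading `- ` to render as a task list inside the `introduction: |-` block. Because SSL support for the RDS connection is still listed as open, it is worth repeating under **Caveats**, where users look for limitations before handing the module a master password.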