Add secretsmanager as option

DNXLabs · Dec 19, 2024 · ad16d67 · ad16d67
1 parent 7dfafde
commit ad16d67
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 0 deletions.
diff --git a/_variables.tf b/_variables.tf
@@ -262,3 +262,9 @@ variable "master_user_password" {
   type        = string
   default     = ""
 }
+
+variable "secret_method" {
+  description = "Use ssm or secretsmangaer"
+  type        = string
+  default     = "ssm"
+}
diff --git a/secretsmanager.tf b/secretsmanager.tf
@@ -0,0 +1,21 @@
+resource "aws_secretsmanager_secret" "opensearch" {
+  count                   = var.secret_method == "secretsmanager" ? 1 : 0
+  name                    = "/opensearch/${var.cluster_name}"
+  recovery_window_in_days = 0
+}
+
+locals {
+  secrets = {
+    VPC_ENDPOINT     = try(aws_elasticsearch_domain.opensearch.endpoint, "")
+    CLUSTER_ENDPOINT = "https://${aws_route53_record.opensearch.fqdn}"
+    KIBANA_ENDPOINT  = "https://${aws_route53_record.opensearch.fqdn}/_dashboards/"
+    USERNAME         = var.master_user_name
+    PASSWORD         = var.master_user_password == "" ? random_string.password[0].result : var.master_user_password
+  }
+}
+
+resource "aws_secretsmanager_secret_version" "opensearch" {
+  count         = var.secret_method == "secretsmanager" ? 1 : 0
+  secret_id     = aws_secretsmanager_secret.opensearch[0].id
+  secret_string = jsonencode(local.secrets)
+}
diff --git a/ssm.tf b/ssm.tf
@@ -1,32 +1,37 @@
 resource "aws_ssm_parameter" "vpc_endpoint" {
+  count       = var.secret_method == "ssm" ? 1 : 0
   name        = "/opensearch/${var.cluster_name}/VPC_ENDPOINT"
   description = "OpenSearch VPC Endpoint"
   type        = "String"
   value       = try(aws_elasticsearch_domain.opensearch.endpoint, "")
 }
 
 resource "aws_ssm_parameter" "cluster_endpoint" {
+  count       = var.secret_method == "ssm" ? 1 : 0
   name        = "/opensearch/${var.cluster_name}/CLUSTER_ENDPOINT"
   description = "OpenSearch Cluster Endpoint"
   type        = "String"
   value       = "https://${aws_route53_record.opensearch.fqdn}"
 }
 
 resource "aws_ssm_parameter" "kibana_endpoint" {
+  count       = var.secret_method == "ssm" ? 1 : 0
   name        = "/opensearch/${var.cluster_name}/KIBANA_ENDPOINT"
   description = "OpenSearch Kibana Endpoint"
   type        = "String"
   value       = "https://${aws_route53_record.opensearch.fqdn}/_dashboards/"
 }
 
 resource "aws_ssm_parameter" "username" {
+  count       = var.secret_method == "ssm" ? 1 : 0
   name        = "/opensearch/${var.cluster_name}/USERNAME"
   description = "OpenSearch Password"
   type        = "SecureString"
   value       = var.master_user_name
 }
 
 resource "aws_ssm_parameter" "password" {
+  count       = var.secret_method == "ssm" ? 1 : 0
   name        = "/opensearch/${var.cluster_name}/PASSWORD"
   description = "OpenSearch Password"
   type        = "SecureString"