The `secretsmgr-addon` module generates an AWS IAM Policy that allows access to AWS Secrets Manager secrets in the `/sym/` path that are tagged with the given `environment`. The policy will be attached to the AWS IAM Role specified by `var.iam_role_name`, if specified.

Secrets must be tagged with `${var.tag_name}=${var.environment}` in order to be accessible by this addon.

```hcl
module "secrets_manager_access" {
  source  = "symopsio/secretsmgr-addon/aws"
  version = ">= 1.0.0"

  environment   = "prod"
  iam_role_name = module.runtime_connector.sym_runtime_connector_role.name
}
```

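An added example (not part of the module's own documentation) showing a secret tagged so that it meets the stated requirement, next to one tagged for a different environment, with the `policy_arn` output attached to a role managed outside the module. The resource labels, secret names and `var.custom_role_name` are assumptions.

```hcl
# Added example. All labels, secret names and the variable are hypothetical.
variable "custom_role_name" {
  description = "Name of an existing IAM role managed outside the addon (assumed)."
  type        = string
}

module "sym_secrets" {
  source  = "symopsio/secretsmgr-addon/aws"
  version = ">= 1.0.0"

  environment = "prod"
  tag_name    = "SymEnv" # the default, written out to make the tag key visible
  # iam_role_name is left at its default (""), so the policy is created
  # but not attached by the module.
}

# Attach the generated policy yourself through the policy_arn output.
resource "aws_iam_role_policy_attachment" "custom" {
  role       = var.custom_role_name
  policy_arn = module.sym_secrets.policy_arn
}

# Meets both conditions: name under /sym/ and tag SymEnv = "prod".
resource "aws_secretsmanager_secret" "slack_token" {
  name = "/sym/prod/slack-token"

  tags = {
    SymEnv = "prod"
  }
}

# Under /sym/ but tagged for another environment, so it does not meet
# the ${var.tag_name}=${var.environment} requirement of the "prod" addon.
resource "aws_secretsmanager_secret" "staging_token" {
  name = "/sym/staging/slack-token"

  tags = {
    SymEnv = "staging"
  }
}
```

Deploying one instance of the module per environment keeps each role limited to the secrets tagged for its own environment.
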
Name | Version |
---|---|
terraform | >= 0.13.7 |
aws | >= 3.0 |
Name | Version |
---|---|
aws | >= 3.0 |
No modules.
Name | Type |
---|---|
aws_iam_policy.this | resource |
aws_iam_role_policy_attachment.attach_secrets_manager_access | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
environment | The unique name of the environment in which you are deploying this AWS IAM Policy (e.g. staging, or prod). The environment value is also the tag value that secrets must be tagged with to be accessible by this addon. | string | n/a | yes |
iam_role_name | If specified, the generated AWS IAM Policy will be attached to the AWS IAM Role identified by this value. | string | "" | no |
tag_name | Name of the tag that secrets must be tagged with to be accessible by this addon. | string | "SymEnv" | no |
tags | Additional tags to apply to resources. | map(string) | {} | no |
Name | Description |
---|---|
policy_arn | The ARN of the generated AWS IAM Policy that grants access to Secrets Manager secrets in the /sym/ path. |