Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Manage the rotation policy when using manage_master_user_password #527

Closed
scotlyt opened this issue Dec 15, 2023 · 3 comments · Fixed by #537
Closed

Manage the rotation policy when using manage_master_user_password #527

scotlyt opened this issue Dec 15, 2023 · 3 comments · Fixed by #537

Comments

@scotlyt
Copy link

scotlyt commented Dec 15, 2023
edited
Loading

Is your request related to a new offering from AWS?

Is your request related to a problem? Please describe.

There's no management on how the policy for the master DB secret is provisioned when using manage_master_user_password. We have provisioned the password with this option but we weren't aware that it was being rotated until a week later, as we are still getting our internal process & provisioning of the DB with our team in order. It's great that it was setup to be rotated but wasn't obvious when using the module.

Describe the solution you'd like.

Since the provider has a solution:

resource/aws_secretsmanager_secret_rotation: The rotation_lambda_arn argument is now optional to support modifying the rotation schedule of AWS-managed secrets. (https://github.com/hashicorp/terraform-provider-aws/issues/34180)

It would be great to set the rotation length within the module to be something other than 7 days (or to turn it off... but that's not the best of ideas...)

Describe alternatives you've considered.

Since the rotation is not managed by terraform but RDS does use it, it's just inconsistent to having an additional step to turn off the sync or to set it. It's not a ground breaking issue but since it is the essentially the master password, management on how it's rotating or to have the option to turn it off

Additional context
@github-actions GitHub Actions
Copy link

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

@github-actions github-actions bot added the stale label Jan 15, 2024
@alexkim-avant
Copy link

Hello, any updates on this? We would also like to control the rotation timeline

@github-actions github-actions bot removed the stale label Jan 25, 2024
@magreenbaum magreenbaum mentioned this issue Jan 31, 2024
Merged
3 tasks
@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 4, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Secretsmanager secret rotation for master user password magreenbaum/terraform-aws-rds
2 participants
@alexkim-avant @scotlyt