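# Production database credentials kept in AWS Secrets Manager and encrypted
# with the key exported by module.kms. The secret value is a JSON document
# with engine/host/port/username/password/dbname keys.
module "rotated_credentials" {
  source  = "registry.patterneddesigns.ca/patterneddesigns/secrets-manager/aws"
  version = "2.1.0"

  name = "prod/database/rotated-credentials"

  secret_string = jsonencode({
    engine = "mysql"

    # Use `address` (bare hostname). `endpoint` is "address:port", which would
    # put the port into the host field and break clients that combine host
    # and port themselves.
    host = aws_db_instance.main.address

    # Must match the port the DB instance actually listens on.
    port     = 3306
    username = "app_user"

    # Seed value only: once rotation has run, the live password differs.
    # random_password.initial.result is stored in Terraform state, so the
    # state backend needs encryption and tight access control.
    # NOTE(review): confirm the module ignores later changes to the secret
    # value, otherwise a subsequent apply could write this initial password
    # back over a rotated one.
    password = random_password.initial.result
    dbname   = "application"
  })

  kms_key_id = module.kms.key_id

  # Presumably the deletion recovery window of the secret - confirm against
  # the module's documentation.
  recovery_window_in_days = 30
}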
# Attaches automatic rotation to the secret created by
# module.rotated_credentials, using the function exported by
# module.rotation_lambda.
# NOTE(review): Secrets Manager must be permitted to invoke that function, and
# the function must be able to reach the database. Neither is visible here, so
# confirm both in the rotation_lambda module.
resource "aws_secretsmanager_secret_rotation" "rotation" {
  secret_id           = module.rotated_credentials.secret_id
  rotation_lambda_arn = module.rotation_lambda.function_arn

  rotation_rules {
    # Rotate every 30 days.
    automatically_after_days = 30
  }
}
# Generates the initial database password referenced by the secret above.
# The generated value is kept in Terraform state, so treat the state file as
# a secret (encrypted backend, restricted access).
resource "random_password" "initial" {
  # 32 characters drawn from letters and digits only.
  length = 32

  # No punctuation in the generated password.
  # NOTE(review): presumably this avoids characters that need escaping in
  # MySQL clients or connection strings - confirm.
  special = false
}