From 3c9c24f30b28aed020ae512fdb6f3deb1794fe12 Mon Sep 17 00:00:00 2001
From: Jonathan Bernard
Date: Mon, 5 Jul 2021 15:19:04 -0500
Subject: [PATCH] api: Consolidate AWS Secret usage to one secret per environment.
---
 operations/terraform/deployed_env/ecs.tf | 18 +++++++++---------
 operations/terraform/deployed_env/iam.tf | 3 +--
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/operations/terraform/deployed_env/ecs.tf b/operations/terraform/deployed_env/ecs.tf
index 86bbad8..4fd55a5 100644
--- a/operations/terraform/deployed_env/ecs.tf
+++ b/operations/terraform/deployed_env/ecs.tf
@@ -1,10 +1,5 @@
-resource "aws_secretsmanager_secret" "pmapi_auth" {
- name = "${local.environment_name}-AuthSecret"
- tags = { Environment = local.environment_name }
-}
-
-resource "aws_secretsmanager_secret" "pmapi_db_conn_string" {
- name = "${local.environment_name}-DbConnString"
+resource "aws_secretsmanager_secret" "pmapi" {
+ name = "${local.environment_name}-Config"
 tags = { Environment = local.environment_name }
 }
 
@@ -38,12 +33,17 @@ resource "aws_ecs_task_definition" "pmapi" {
 {
 name = "AUTH_SECRET"
 description = "Auth secret used to hash and salt passwords."
- valueFrom = aws_secretsmanager_secret.pmapi_auth.arn
+ valueFrom = "${aws_secretsmanager_secret.pmapi.arn}:authSecret::"
 },
 {
 name = "DB_CONN_STRING"
 description = "Connection string with user credentials."
- valueFrom = aws_secretsmanager_secret.pmapi_db_conn_string.arn
+ valueFrom = "${aws_secretsmanager_secret.pmapi.arn}:dbConnString::"
+ },
+ {
+ name = "KNOWN_ORIGINS"
+ description = "Connection string with user credentials."
+ valueFrom = "${aws_secretsmanager_secret.pmapi.arn}:knownOrigins::"
 }
 ]
 }
diff --git a/operations/terraform/deployed_env/iam.tf b/operations/terraform/deployed_env/iam.tf
index b75cb1c..bd1e588 100644
--- a/operations/terraform/deployed_env/iam.tf
+++ b/operations/terraform/deployed_env/iam.tf
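Review bot: Nothing in ecs.tf records what `aws_secretsmanager_secret.pmapi` has to contain, although the task definition in the next hunk now reads the JSON keys `authSecret`, `dbConnString` and `knownOrigins` from it. The resource is declared without a secret version in the visible lines and the two old secrets leave the configuration, so the values presumably have to be copied into the new secret by hand before the next deployment. ECS resolves these references when a task starts, so a missing or misspelled key would keep the task from launching. A comment above the resource would cover it: `# Value: JSON object with keys authSecret, dbConnString, knownOrigins; populated outside Terraform.`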
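Review bot: The new `KNOWN_ORIGINS` entry in ecs.tf carries the description copied from `DB_CONN_STRING` ("Connection string with user credentials."), so the only inline documentation for this value is wrong. Something like `description = "Origins the API accepts requests from."` would fit; that wording is inferred from the variable name and should be adjusted to the actual use. The `aws_ecs_task_definition.pmapi` block starts above and ends below this hunk, so the rest of the container definition is not visible here.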
@@ -27,8 +27,7 @@ resource "aws_iam_role" "ecs_task" {
 "kms:Decrypt"
 ]
 Resource = [
- aws_secretsmanager_secret.pmapi_auth.arn,
- aws_secretsmanager_secret.pmapi_db_conn_string.arn
+ aws_secretsmanager_secret.pmapi.arn
 ]
 }
 ]
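Review bot: The `Resource` list in this statement now holds only the Secrets Manager ARN, while the visible end of the action list is `kms:Decrypt`, which IAM matches against KMS key ARNs, so that action grants nothing as written. This is harmless while the secret uses the default `aws/secretsmanager` key, but a later move to a customer-managed key would fail at task start until the key ARN is listed. A comment such as `# kms:Decrypt takes effect only once a KMS key ARN is added to Resource` would make that explicit. If `ecs_task` is the task role rather than the execution role, it is also worth confirming that the execution role carries this statement, since ECS resolves `valueFrom` with the execution role. The statement and the `aws_iam_role.ecs_task` block both start above the hunk, so the remaining actions are not visible.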