api: Consolidate AWS Secret usage to one secret per environment.

operations/terraform/deployed_env/ecs.tf

@@ -1,10 +1,5 @@
-resource "aws_secretsmanager_secret" "pmapi_auth" {
+resource "aws_secretsmanager_secret" "pmapi" {
-  name  = "${local.environment_name}-AuthSecret"
+  name  = "${local.environment_name}-Config"
-  tags  = { Environment = local.environment_name }
-}
-
-resource "aws_secretsmanager_secret" "pmapi_db_conn_string" {
-  name  = "${local.environment_name}-DbConnString"
   tags  = { Environment = local.environment_name }
 }
 
@@ -38,12 +33,17 @@ resource "aws_ecs_task_definition" "pmapi" {
         {
           name        = "AUTH_SECRET"
           description = "Auth secret used to hash and salt passwords."
-          valueFrom   = aws_secretsmanager_secret.pmapi_auth.arn
+          valueFrom   = "${aws_secretsmanager_secret.pmapi.arn}:authSecret::"
         },
         {
           name      = "DB_CONN_STRING"
           description = "Connection string with user credentials."
-          valueFrom = aws_secretsmanager_secret.pmapi_db_conn_string.arn
+          valueFrom   = "${aws_secretsmanager_secret.pmapi.arn}:dbConnString::"
+        },
+        {
+          name      = "KNOWN_ORIGINS"
+          description = "Connection string with user credentials."
+          valueFrom   = "${aws_secretsmanager_secret.pmapi.arn}:knownOrigins::"
         }
       ]
     }

operations/terraform/deployed_env/iam.tf

@@ -27,8 +27,7 @@ resource "aws_iam_role" "ecs_task" {
             "kms:Decrypt"
           ]
           Resource  = [
-            aws_secretsmanager_secret.pmapi_auth.arn,
+            aws_secretsmanager_secret.pmapi.arn
-            aws_secretsmanager_secret.pmapi_db_conn_string.arn
           ]
         }
       ]