api: Consolidate AWS Secret usage to one secret per environment.

Jonathan Bernard 2021-07-05 15:19:04 -05:00
parent 16c7852972
commit 3c9c24f30b
2 changed files with 10 additions and 11 deletions


@ -1,10 +1,5 @@
resource "aws_secretsmanager_secret" "pmapi_auth" { resource "aws_secretsmanager_secret" "pmapi" {
name = "${local.environment_name}-AuthSecret" name = "${local.environment_name}-Config"
tags = { Environment = local.environment_name }
}
resource "aws_secretsmanager_secret" "pmapi_db_conn_string" {
name = "${local.environment_name}-DbConnString"
tags = { Environment = local.environment_name } tags = { Environment = local.environment_name }
} }
@ -38,12 +33,17 @@ resource "aws_ecs_task_definition" "pmapi" {
{ {
name = "AUTH_SECRET" name = "AUTH_SECRET"
description = "Auth secret used to hash and salt passwords." description = "Auth secret used to hash and salt passwords."
valueFrom = aws_secretsmanager_secret.pmapi_auth.arn valueFrom = "${aws_secretsmanager_secret.pmapi.arn}:authSecret::"
}, },
{ {
name = "DB_CONN_STRING" name = "DB_CONN_STRING"
description = "Connection string with user credentials." description = "Connection string with user credentials."
valueFrom = aws_secretsmanager_secret.pmapi_db_conn_string.arn valueFrom = "${aws_secretsmanager_secret.pmapi.arn}:dbConnString::"
},
{
name = "KNOWN_ORIGINS"
description = "Connection string with user credentials."
valueFrom = "${aws_secretsmanager_secret.pmapi.arn}:knownOrigins::"
} }
] ]
} }
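Review bot: The new KNOWN_ORIGINS entry carries the description copied from DB_CONN_STRING (`"Connection string with user credentials."`), which misdescribes the value to anyone auditing what the task receives; something like `description = "Origins the API accepts requests from."` would fit, assuming that is what the key holds. All three `valueFrom` references now use the `<arn>:<json-key>::` form, so the `${local.environment_name}-Config` secret has to hold a JSON object with `authSecret`, `dbConnString` and `knownOrigins` keys, and a missing key is expected to fail the task at launch. On Fargate that form needs platform version 1.4.0 or later. Because one secret now holds both credentials and the origin list, every principal allowed to read it gets all three values, so read access to it should stay limited to this task's role.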


@ -27,8 +27,7 @@ resource "aws_iam_role" "ecs_task" {
"kms:Decrypt" "kms:Decrypt"
] ]
Resource = [ Resource = [
aws_secretsmanager_secret.pmapi_auth.arn, aws_secretsmanager_secret.pmapi.arn
aws_secretsmanager_secret.pmapi_db_conn_string.arn
] ]
} }
] ]
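Review bot: `"kms:Decrypt"` is still listed in a statement whose `Resource` is now only `aws_secretsmanager_secret.pmapi.arn`; KMS actions are evaluated against key ARNs, so on a secret ARN that action grants nothing. If the secret is encrypted with the default `aws/secretsmanager` key the line can be dropped; if a customer managed key is used, `kms:Decrypt` belongs in its own statement with that key's ARN as `Resource`. The start of the action list and the rest of the policy are outside the hunk, so the other actions granted here could not be checked.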