使用 Terraform 管理访问 RDS 数据库的凭据时出现问题 [英] Issue when using Terraform to manage credentials that access RDS database
问题描述
我通过Terraform创建了一个secret,这个secret用于访问也在Terraform中定义的RDS数据库,并且在secret中,我不想包含username
和password
,所以我创建了一个空密钥,然后在 AWS 控制台中手动添加凭证.
I created a secret via Terraform, the secret is for accessing an RDS database which is also defined in Terraform, and in the secret, I don't want to include username
and password
, so I created an empty secret then add the credentials manually in AWS console.
然后在 RDS 定义中:
Then in the RDS definition:
resource "aws_rds_cluster" "example_db_cluster" {
cluster_identifier = local.db_name
engine = "aurora-mysql"
engine_version = "xxx"
engine_mode = "xxx"
availability_zones = [xxx]
database_name = "xxx"
master_username = jsondecode(aws_secretsmanager_secret_version.db_secret_string.secret_string)["username"]
master_password = jsondecode(aws_secretsmanager_secret_version.db_secret_string.secret_string)["password"]
.....
问题是,当我应用 terraform 时,因为秘密是空的,所以 Terraform 找不到 username
和 password
的字符串,这会导致错误,有没有人有更好的方法来实现吗?感觉在 Secret Manager 中手动创建密钥更容易.
The problem is that when I apply terraform, because the secret is empty so Terraform won't find the string for username
and password
which will cause error, does anyone have a better way to implement this? Feels like it's easier to just create the secret in Secret Manager manually.
推荐答案
您可以生成 random_password 并使用 aws_secretsmanager_secret_version
.
You can generate a random_password and add to your secret using a aws_secretsmanager_secret_version
.
这是一个例子:
resource "random_password" "default_password" {
length = 20
special = false
}
variable "secretString" {
default = {
usernae = "dbuser"
password = random_password.default_password.result
}
type = map(string)
}
resource "aws_secretsmanager_secret" "db_secret_string" {
name = "db_secret_string"
}
resource "aws_secretsmanager_secret_version" "secret" {
secret_id = aws_secretsmanager_secret.db_secret_string.id
secret_string = jsonencode(var.secretString)
}
这篇关于使用 Terraform 管理访问 RDS 数据库的凭据时出现问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!