» Resource: aws_secretsmanager_secret_rotation

Provides a resource to manage AWS Secrets Manager secret rotation. To manage a secret, see the aws_secretsmanager_secret resource. To manage a secret value, see the aws_secretsmanager_secret_version resource.

» Example Usage

» Basic

resource "aws_secretsmanager_secret_rotation" "example" {
  secret_id           = "${aws_secretsmanager_secret.example.id}"
  rotation_lambda_arn = "${aws_lambda_function.example.arn}"

  rotation_rules {
    automatically_after_days = 30
  }
}

» Rotation Configuration

To enable automatic secret rotation, the Secrets Manager service requires a Lambda function. The Rotate Secrets section in the Secrets Manager User Guide provides additional information about deploying a prebuilt Lambda function for supported credential rotation (e.g. RDS) or deploying a custom Lambda function.
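The Basic example above references aws_lambda_function.example without showing it. The following is an added example, not part of the provider documentation, that wires up the Lambda side the rotation resource depends on: an execution role scoped to the one secret, the function, and the resource policy that lets the Secrets Manager service invoke it. It assumes aws_secretsmanager_secret.example is declared elsewhere, and the role/function names, the rotation.zip package and the runtime are assumptions.

```hcl
data "aws_caller_identity" "current" {}

resource "aws_iam_role" "rotation" {
  name               = "secret-rotation-example"
  assume_role_policy = <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"sts:AssumeRole",
 "Principal":{"Service":"lambda.amazonaws.com"}}]}
EOF
}

# Least privilege: only the calls a rotation handler makes, scoped to this secret.
resource "aws_iam_role_policy" "rotation" {
  name   = "secret-rotation-example"
  role   = "${aws_iam_role.rotation.id}"
  policy = <<EOF
{"Version":"2012-10-17","Statement":[{"Effect":"Allow",
 "Action":["secretsmanager:DescribeSecret","secretsmanager:GetSecretValue",
           "secretsmanager:PutSecretValue","secretsmanager:UpdateSecretVersionStage"],
 "Resource":"${aws_secretsmanager_secret.example.arn}"}]}
EOF
}

resource "aws_lambda_function" "example" {
  filename      = "rotation.zip" # assumed: packaged rotation handler
  function_name = "secret-rotation-example"
  role          = "${aws_iam_role.rotation.arn}"
  handler       = "lambda_function.lambda_handler"
  runtime       = "python3.7"
}

# Secrets Manager invokes the function via its resource policy; without this grant
# creating the rotation fails. source_account blocks cross-account (confused deputy) use.
resource "aws_lambda_permission" "secretsmanager" {
  statement_id   = "AllowSecretsManagerInvoke"
  action         = "lambda:InvokeFunction"
  function_name  = "${aws_lambda_function.example.function_name}"
  principal      = "secretsmanager.amazonaws.com"
  source_account = "${data.aws_caller_identity.current.account_id}"
}

resource "aws_secretsmanager_secret_rotation" "example" {
  secret_id           = "${aws_secretsmanager_secret.example.id}"
  rotation_lambda_arn = "${aws_lambda_function.example.arn}"
  depends_on          = ["aws_lambda_permission.secretsmanager"]

  rotation_rules {
    automatically_after_days = 30
  }
}
```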

» Argument Reference

The following arguments are supported:

  • secret_id - (Required) Specifies the secret for which rotation is configured. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.
  • rotation_lambda_arn - (Required) Specifies the ARN of the Lambda function that can rotate the secret.
  • rotation_rules - (Required) A structure that defines the rotation configuration for this secret. Defined below.

» rotation_rules

  • automatically_after_days - (Required) Specifies the number of days between automatic scheduled rotations of the secret.

» Attribute Reference

  • id - Amazon Resource Name (ARN) of the secret.
  • arn - Amazon Resource Name (ARN) of the secret.
  • rotation_enabled - Specifies whether automatic rotation is enabled for this secret.

» Import

aws_secretsmanager_secret_rotation can be imported by using the secret Amazon Resource Name (ARN), e.g.

$ terraform import aws_secretsmanager_secret_rotation.example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456