sparse-intern-71089
10/20/2021, 7:37 AMprehistoric-activity-61023
10/20/2021, 8:23 AMpulumi-random
module (https://github.com/pulumi/pulumi-random)
• save this password to SecretManager using https://www.pulumi.com/registry/packages/aws/api-docs/secretsmanager/secret/
• create RDS database using https://www.pulumi.com/registry/packages/aws/api-docs/rds/instance/ (and passing the password created in the first step)swift-australia-96791
10/20/2021, 8:40 AMswift-australia-96791
10/20/2021, 8:41 AMprehistoric-activity-61023
10/20/2021, 8:42 AMswift-australia-96791
10/20/2021, 8:51 AMprehistoric-activity-61023
10/20/2021, 8:59 AMprehistoric-activity-61023
10/20/2021, 9:01 AMSecret manager is the way to go. However, the password rotation will be an issue. When you enable rotation in AWS console, AWS magically provisions a lambda for you. If you don’t use console, command line steps are a bit more involving as they require the use of aws serverless repo (SAR). Sadly, official support for SAR is not yet avaiable in terraform. Thus you would have to usesource: https://stackoverflow.com/a/63546950provisioner to run aws cli to create rotation lambda as in the linked documentation using SAR.local-exec
prehistoric-activity-61023
10/20/2021, 9:02 AMprehistoric-activity-61023
10/20/2021, 9:03 AMprehistoric-activity-61023
10/20/2021, 9:09 AMprehistoric-activity-61023
10/20/2021, 9:14 AMprehistoric-activity-61023
10/20/2021, 9:14 AMswift-australia-96791
10/20/2021, 1:34 PM