Allow selecting secret method for output

adenot · adenot · commit 99a3cb0a51ac · 2022-07-21T01:15:55.000Z
diff --git a/secrets-manager.tf b/secrets-manager.tf
@@ -0,0 +1,15 @@
+resource "aws_secretsmanager_secret" "elasticache" {
+  count                   = var.secret_method == "secretsmanager" ? 1 : 0
+  name                    = "/elasticache/${var.env}-${var.name}"
+  recovery_window_in_days = 0
+}
+
+resource "aws_secretsmanager_secret_version" "elasticache" {
+  count         = var.secret_method == "secretsmanager" ? 1 : 0
+  secret_id     = aws_secretsmanager_secret.elasticache[0].id
+  secret_string = jsonencode({
+    "REDIS_PORT": aws_elasticache_replication_group.redis.port,
+    "REDIS_HOST": aws_elasticache_replication_group.redis.cluster_enabled ? aws_elasticache_replication_group.redis.configuration_endpoint_address : aws_elasticache_replication_group.redis.primary_endpoint_address,
+    "REDIS_URL": "redis://${aws_elasticache_replication_group.redis.cluster_enabled ? aws_elasticache_replication_group.redis.configuration_endpoint_address : aws_elasticache_replication_group.redis.primary_endpoint_address}",
+  })
+}
diff --git a/ssm.tf b/ssm.tf
@@ -1,10 +1,12 @@
 resource "aws_ssm_parameter" "redis_endpoint" {
+  count       = var.secret_method == "ssm" ? 1 : 0
   name        = "/elasticache/redis/${var.env}-${var.name}/ENDPOINT"
   description = "Elasticache Redis Endpoint"
   type        = "String"
   value       = aws_elasticache_replication_group.redis.cluster_enabled ? aws_elasticache_replication_group.redis.configuration_endpoint_address : aws_elasticache_replication_group.redis.primary_endpoint_address
 }
 resource "aws_ssm_parameter" "redis_port" {
+  count       = var.secret_method == "ssm" ? 1 : 0
   name        = "/elasticache/redis/${var.env}-${var.name}/PORT"
   description = "Elasticache Redis Port"
   type        = "String"
diff --git a/variables.tf b/variables.tf
@@ -198,3 +198,9 @@ variable "notification_topic_arn" {
   type        = string
   default     = ""
 }
+
+variable "secret_method" {
+  description = "Use ssm for SSM parameters store which is the default option, or secretsmanager for AWS Secrets Manager"
+  type        = string
+  default     = "ssm"
+}
