I have a few secrets in AWS that were created manually. Is there a way to list them with data "aws_secretsmanager_secret"?
My goal is to get a list/index of the ARNs and then use it in a dynamic block. I want to try and avoid writing multiple data source blocks.
All the secrets have a similar naming prefix:
db-credentials/${var.env-name}/<db-user>
The <db-user> changes of course from user to user.
So I guess I'm looking to iterate with a data source over all secrets which fall into this naming pattern and get a list of their ARNs. After that, use each ARN inside a dynamic block.
The dynamic block will be used inside resource "aws_db_proxy" in the auth block.
If anyone will find this useful, I managed to do it like this:
locals {
  secrets_list = [
    "db-credentials/${var.env-name}/user1",
    "db-credentials/${var.env-name}/user2",
    "db-credentials/${var.env-name}/user3"
  ]
}

data "aws_secretsmanager_secret" "rds_secrets" {
  for_each = toset(local.secrets_list)
  name     = each.key
}

resource "aws_db_proxy" "rds_db_proxy" {
  name                = "${var.env-name}-rds-proxy"
  engine_family       = "MYSQL"
  idle_client_timeout = 900
  require_tls         = true
  .
  .
  .
  .
  dynamic "auth" {
    for_each = local.secrets_list
    content {
      secret_arn  = data.aws_secretsmanager_secret.rds_secrets[auth.value].arn
      auth_scheme = "SECRETS"
      iam_auth    = "REQUIRED"
    }
  }
}
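
An alternative that avoids maintaining the name list by hand, as an added example that is not part of the original post: the AWS provider's plural data source aws_secretsmanager_secrets can filter by name prefix and return the matching ARNs directly. The variables proxy_role_arn and proxy_subnet_ids and the output name are hypothetical, standing in for the arguments elided above.

```hcl
# Added example, not the poster's code. var.proxy_role_arn and
# var.proxy_subnet_ids are hypothetical inputs for the elided arguments.
variable "env-name" { type = string }
variable "proxy_role_arn" { type = string }
variable "proxy_subnet_ids" { type = list(string) }

# The Secrets Manager "name" filter is a case-sensitive prefix match, so this
# returns every secret under db-credentials/<env>/ without naming each user.
data "aws_secretsmanager_secrets" "db_credentials" {
  filter {
    name   = "name"
    values = ["db-credentials/${var.env-name}/"]
  }
}

resource "aws_db_proxy" "rds_db_proxy" {
  name                = "${var.env-name}-rds-proxy"
  engine_family       = "MYSQL"
  idle_client_timeout = 900
  require_tls         = true
  role_arn            = var.proxy_role_arn
  vpc_subnet_ids      = var.proxy_subnet_ids

  # One auth block per secret ARN that matched the prefix.
  dynamic "auth" {
    for_each = data.aws_secretsmanager_secrets.db_credentials.arns
    content {
      secret_arn  = auth.value
      auth_scheme = "SECRETS"
      iam_auth    = "REQUIRED"
    }
  }
}

# Surfaces the matched ARNs in the plan so the set can be reviewed before apply.
output "proxy_secret_arns" {
  value = data.aws_secretsmanager_secrets.db_credentials.arns
}
```

With prefix matching, any secret later created under db-credentials/<env>/ is attached to the proxy on the next apply, so permission to create secrets under that prefix should be restricted accordingly. The proxy's IAM role also needs secretsmanager:GetSecretValue on the matched ARNs.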