amazon-web-services, terraform

Using AWS secrets for a Glue connector in Terraform


I have the following code in Terraform:

resource "aws_glue_connection" "my_connection" {
  connection_properties = {
    JDBC_CONNECTION_URL = "jdbc:datadirect:googlebigquery:AuthenticationMethod=serviceaccount;Project=myproject;Dataset=mydataset;ServiceAccountEmail=myemail@myproject-12345.iam.gserviceaccount.com;ServiceAccountPrivateKey=/path-to/json-or-p12-file"
    PASSWORD            = "mypassword"
    USERNAME            = "myusername"
  }

  name = "my_connection"
}

And I want to use an AWS Secrets Manager secret, to avoid hardcoding the password and username. But when I tried this:

data "aws_secretmanager_secret" "example" {
  name = "example-secret"
}

It won't refer to my already created secrets. Please, could you help me by pointing out what I am doing wrong?


Solution

  • First of all, create your DB credentials.

    Next, try to get your secret credential from the tf code.

    code example:

    data "aws_secretsmanager_secret" "password" {
      # Look up the existing secret by name (data source: aws_secretsmanager_secret)
      name = "db-credential"
    }

    data "aws_secretsmanager_secret_version" "password" {
      # Fetch the current version; secret_string holds the JSON entered in the console
      secret_id = data.aws_secretsmanager_secret.password.id
    }

    output "get-secret" {
      # sensitive = true keeps the value out of plan/apply output (it is still stored in state)
      sensitive = true
      value     = jsondecode(data.aws_secretsmanager_secret_version.password.secret_string)["password"]
    }

    resource "aws_glue_connection" "my_connection" {
      connection_properties = {
        JDBC_CONNECTION_URL = "jdbc:datadirect:googlebigquery:AuthenticationMethod=serviceaccount;Project=myproject;Dataset=mydataset;ServiceAccountEmail=myemail@myproject-12345.iam.gserviceaccount.com;ServiceAccountPrivateKey=/path-to/json-or-p12-file"
        # Pull username and password out of the JSON secret instead of hardcoding them
        PASSWORD            = jsondecode(data.aws_secretsmanager_secret_version.password.secret_string)["password"]
        USERNAME            = jsondecode(data.aws_secretsmanager_secret_version.password.secret_string)["username"]
      }

      name = "my_connection"
    }
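
An added example, not part of the question or the answer above, that takes the same pattern a step further: it decodes the secret once into a local, states the version stage explicitly, fails the plan early if the secret does not have the expected keys, and grants the principal that runs Terraform read access to only this one secret. The secret name `db-credential` and the JDBC URL are taken from the page; the variable `terraform_role_name` and the JSON layout `{"username": ..., "password": ...}` are assumptions.

```hcl
# Added example, not code from the question or the answer.
# Assumes a secret named "db-credential" already exists whose value is a JSON
# object {"username": "...", "password": "..."}, and an existing IAM role
# (var.terraform_role_name, hypothetical) that runs terraform plan/apply.

variable "terraform_role_name" {
  type        = string
  description = "Name of the IAM role that runs Terraform (assumed to exist)"
}

data "aws_secretsmanager_secret" "db" {
  name = "db-credential"
}

data "aws_secretsmanager_secret_version" "db" {
  secret_id = data.aws_secretsmanager_secret.db.id
  # AWSCURRENT is the default; stated explicitly so a rotated secret is
  # picked up on the next plan rather than pinned to an old version_id.
  version_stage = "AWSCURRENT"
}

locals {
  # Decode the JSON body once and reference the local everywhere else.
  db_creds = jsondecode(data.aws_secretsmanager_secret_version.db.secret_string)
}

resource "aws_glue_connection" "my_connection" {
  name = "my_connection"

  connection_properties = {
    JDBC_CONNECTION_URL = "jdbc:datadirect:googlebigquery:AuthenticationMethod=serviceaccount;Project=myproject;Dataset=mydataset;ServiceAccountEmail=myemail@myproject-12345.iam.gserviceaccount.com;ServiceAccountPrivateKey=/path-to/json-or-p12-file"
    USERNAME            = local.db_creds["username"]
    PASSWORD            = local.db_creds["password"]
  }

  lifecycle {
    # Fail at plan time with a clear message if someone stored the secret in a
    # different shape (for example a bare JSON string) instead of an index error.
    precondition {
      condition     = can(local.db_creds["username"]) && can(local.db_creds["password"])
      error_message = "Secret db-credential must be a JSON object with username and password keys."
    }
  }
}

# Least privilege for the Terraform principal: read this one secret, nothing
# else. Data sources are read during plan, so attach this policy to the role
# before the first plan (or manage it from a separate root module); otherwise
# the plan fails before the policy can be created.
data "aws_iam_policy_document" "read_db_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"]
    resources = [data.aws_secretsmanager_secret.db.arn]
  }
}

resource "aws_iam_role_policy" "read_db_secret" {
  name   = "read-db-credential"
  role   = var.terraform_role_name
  policy = data.aws_iam_policy_document.read_db_secret.json
}
```

Two things this pattern does not solve. `secret_string`, the decoded local and the Glue `PASSWORD` all land in the Terraform state file in plaintext, so the state backend needs encryption at rest and tight access control; `sensitive = true` on an output only redacts CLI output. And the Glue connection itself still receives the password as a plain connection property. Glue JDBC connections also accept a `SECRET_ID` connection property, which keeps the password out of Terraform entirely; whether that works with the DataDirect BigQuery driver used here is not something the page establishes.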