This module creates a SecretsManager secret and stores the `DATABASE_URL` for the given `aws_db_instance` or `aws_rds_cluster` in it.

This is useful in order to load the `DATABASE_URL` into ECS via `containerDefinitions.secrets.valueFrom`.
```hcl
module "secretsmanager-for-database-url" {
  source  = "babbel/secretsmanager-for-database-url/aws"
  version = "~> 1.2"

  name_prefix   = "example"
  db_instance   = aws_db_instance.example
  database_name = "example"
  protocol      = "mysql2"
}
```
It can also be used for an RDS cluster like this:
```hcl
module "secretsmanager-for-database-url" {
  source  = "babbel/secretsmanager-for-database-url/aws"
  version = "~> 1.2"

  name_prefix   = "example"
  rds_cluster   = aws_rds_cluster.example
  database_name = "example"
  protocol      = "mysql2"
}
```
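In the ECS task definition, you can now define environment variables that reference the SecretsManager secret:

```hcl
resource "aws_ecs_task_definition" "example" {
  # ...
  container_definitions = jsonencode([{
    # ...
    # ECS resolves the secret at container start and injects it as DATABASE_URL.
    # The container definition key is valueFrom, not value.
    secrets = [{
      name      = "DATABASE_URL"
      valueFrom = module.secretsmanager-for-database-url.secretsmanager_secret.arn
    }]
    # ...
  }])
  # ...
}
```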
Please also make sure that the ECS task execution IAM role is granted the `secretsmanager:GetSecretValue` action on the SecretsManager secret.
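
One way to grant that permission with least privilege, as an added example that is not part of the module or its original README. The role name `aws_iam_role.ecs_task_execution` and the policy names are assumptions; use the role your task definition references in `execution_role_arn`.

```hcl
# Trust policy: only the ECS tasks service may assume the execution role.
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

# Hypothetical execution role; replace with your existing role if you have one.
resource "aws_iam_role" "ecs_task_execution" {
  name               = "example-ecs-task-execution"
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

# Permission policy: read access to the one secret created by the module.
data "aws_iam_policy_document" "read_database_url" {
  statement {
    sid     = "ReadDatabaseUrlSecret"
    effect  = "Allow"
    actions = ["secretsmanager:GetSecretValue"]

    # Scope to the module's secret ARN instead of "*" so the role cannot
    # read any other secret in the account.
    resources = [module.secretsmanager-for-database-url.secretsmanager_secret.arn]
  }
}

resource "aws_iam_role_policy" "read_database_url" {
  name   = "read-database-url"
  role   = aws_iam_role.ecs_task_execution.id
  policy = data.aws_iam_policy_document.read_database_url.json
}
```

Attach the policy to the execution role rather than the task role, since the ECS agent fetches the secret before the container starts. If the secret is encrypted with a customer managed KMS key (this page does not say which key is used), the role also needs `kms:Decrypt` on that key.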