We use Terraform as the main scripting language for our infrastructure.
When deploying lambda:
- Make changes in `schedule_events_proxy/lambda_function.py`
- If requirements were changed, run `pip install --target schedule_events_proxy <package_name>`
- Package the `schedule_events_proxy` directory into the zip package: `cd schedule_events_proxy/ && zip -r9 ${OLDPWD}/schedule_events_proxy.zip . && cd ..`

The secret.tf file contains secrets in encrypted form. To add a new secret, you need to:
1. Create a file where the only content is the value you need encrypted
2. Go to https://console.aws.amazon.com/kms/home?region=us-east-1#/kms/keys and copy `Key ID` from the key with the Alias-
3. Run `aws kms encrypt --key-id <key id from step 2> --plaintext fileb://<file name from step 1> --output text --query CiphertextBlob`
4. Copy the output from the previous command.
5. Create a new record in the `secrets.tf` in the following form

       data "aws_kms_secrets" "tf_variable_name" {
         secret {
           name    = "name_of_your_secret"
           payload = "value from step 4"
         }
       }

6. Now you can pass the secret anywhere in terraform like this: `data.aws_kms_secrets.tf_variable_name.plaintext["name_of_your_secret"]`

The value will be used in the open form only when the resource is created. At all other times it will be in the encrypted form.
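
The configuration files only ever hold the ciphertext, but Terraform also records data source attributes in its state, and that includes the decrypted `plaintext` map of an `aws_kms_secrets` data source. The check below is an added example, not part of this repository: it lists which secrets have a decrypted value in a state file, using a constructed sample state in which the Lambda resource name and all values are assumptions.

```python
import json
import sys

# Constructed sample in Terraform state format version 4; all values are made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {
            "mode": "data",
            "type": "aws_kms_secrets",
            "name": "tf_variable_name",
            "instances": [{
                "attributes": {
                    "plaintext": {"name_of_your_secret": "example-decrypted-value"},
                    "secret": [{"name": "name_of_your_secret",
                                "payload": "constructed-ciphertext-placeholder"}],
                },
            }],
        },
        {   # Hypothetical managed resource, present only to show it is skipped.
            "mode": "managed",
            "type": "aws_lambda_function",
            "name": "schedule_events_proxy",
            "instances": [{"attributes": {"function_name": "schedule_events_proxy"}}],
        },
    ],
})


def decrypted_secrets_in_state(state_text):
    """Return the sorted Terraform addresses of aws_kms_secrets entries whose
    decrypted value is stored in the state. The values are never returned."""
    found = []
    for res in json.loads(state_text).get("resources", []):
        if res.get("mode") != "data" or res.get("type") != "aws_kms_secrets":
            continue
        for inst in res.get("instances", []):
            plaintext = (inst.get("attributes") or {}).get("plaintext") or {}
            for secret_name, value in plaintext.items():
                if value:  # a non-empty decrypted value is present in the state
                    found.append(
                        f'data.aws_kms_secrets.{res["name"]}.plaintext["{secret_name}"]')
    return sorted(found)


if __name__ == "__main__":
    # Pass a state file path as the first argument, or run against the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STATE
    for address in decrypted_secrets_in_state(text):
        print("decrypted value present in state:", address)
```

Any address it reports means the state file and its backend need the same access restrictions as the secret itself.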