AWS Secrets Manager Setup
You can generate this
If you ran symflow generate, you might already be configured with a secrets.tf file! If so, then you do not need to complete these steps.
Prerequisites
- An environment.tf file generated by symflow init
  a. If you have not run symflow init, please follow the instructions in Installing Sym
- A runtime_connector module defined in connectors.tf
  a. If you do not have a connectors.tf, please follow the instructions in AWS Runtime Setup
Grant Sym Read-Only Access to AWS Secrets Manager
In the directory that contains your Sym configuration (i.e. the directory created by symflow init), create a new file named secrets.tf with the following contents:
# This secrets_manager_access module defines an AWS IAM Policy and attachment that grants the Sym Runtime Role
# the permissions to read secrets from AWS Secrets Manager that are under the /sym/ path and tagged with
# `SymEnv = local.environment_name`.
module "secrets_manager_access" {
  source  = "symopsio/secretsmgr-addon/aws"
  version = "~> 1.1"

  environment   = local.environment_name
  iam_role_name = module.runtime_connector.sym_runtime_connector_role.name
}

# This resource tells Sym how to access your AWS account's Secrets Manager instance.
resource "sym_secrets" "this" {
  type = "aws_secrets_manager"
  name = "${local.environment_name}-sym-secrets"

  settings = {
    # This tells Sym to use the runtime_context integration defined in runtime.tf to access
    # your AWS account's Secrets Manager.
    context_id = sym_integration.runtime_context.id
  }
}
Finally, run terraform init && terraform apply to save your configuration.
For more information about the inputs and outputs of the secrets_manager_access module, see the Terraform registry.
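As an added example that is not part of Sym's documentation or code, the following Python helper applies the read-scope rule stated above (secret name under /sym/ and tag SymEnv equal to the environment name) to a constructed list of secrets in the shape returned by `aws secretsmanager list-secrets`, so you can see which secrets the Sym Runtime Role would be able to read before you apply. It does not reproduce the module's actual IAM policy, only the rule as the page describes it.

```python
"""Audit which Secrets Manager secrets fall inside the read scope described above:
name under /sym/ AND tag SymEnv equal to the environment name (constructed example)."""

SYM_PATH_PREFIX = "/sym/"
SYM_ENV_TAG_KEY = "SymEnv"


def secret_tags(secret: dict) -> dict:
    """Flatten the Tags list as returned by `aws secretsmanager list-secrets`."""
    return {t["Key"]: t["Value"] for t in (secret.get("Tags") or [])}


def exclusion_reason(secret: dict, environment_name: str):
    """Return None if the Sym Runtime Role may read this secret, else why not."""
    name = secret.get("Name", "")
    if not name.startswith(SYM_PATH_PREFIX):
        return f"name {name!r} is not under {SYM_PATH_PREFIX}"
    env = secret_tags(secret).get(SYM_ENV_TAG_KEY)
    if env is None:
        return f"missing {SYM_ENV_TAG_KEY} tag"
    if env != environment_name:  # exact match, per the rule stated above
        return f"{SYM_ENV_TAG_KEY}={env!r} does not match {environment_name!r}"
    return None


def audit(secrets: list, environment_name: str) -> dict:
    """Split secrets into 'readable' names and 'excluded' {name: reason}."""
    report = {"readable": [], "excluded": {}}
    for s in secrets:
        reason = exclusion_reason(s, environment_name)
        if reason is None:
            report["readable"].append(s["Name"])
        else:
            report["excluded"][s["Name"]] = reason
    return report


# Constructed sample in the shape of the SecretList entries from list-secrets.
SAMPLE_SECRETS = [
    {"Name": "/sym/db-password", "Tags": [{"Key": "SymEnv", "Value": "prod"}]},
    {"Name": "/sym/api-key", "Tags": [{"Key": "SymEnv", "Value": "staging"}]},
    {"Name": "/sym/untagged", "Tags": []},
    {"Name": "/app/db-password", "Tags": [{"Key": "SymEnv", "Value": "prod"}]},
    {"Name": "sym/no-leading-slash", "Tags": [{"Key": "SymEnv", "Value": "prod"}]},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_SECRETS, "prod")["excluded"].items():
        print(f"NOT readable by Sym: {name}: {reason}")
```

To run it against a real account, feed `audit()` the SecretList from `aws secretsmanager list-secrets` instead of SAMPLE_SECRETS.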
Next Steps
The Sym Runtime should now have read-only access to your AWS Secrets Manager secrets. In Share Secrets with the Sym Runtime we describe how to create secrets with Terraform and share them with the Sym Runtime.