
I am working on a project that uses a Jenkinsfile and given the name of a lambda it creates this lambda in AWS along with its terraform configuration, and uses AWS Secrets Manager to grab the secrets.

I have created the secrets via terraform and essentially want to keep all of the secrets for each of the lambdas centralized in one location ("project_lambda")

The tf looks like this (there is a policy as well, but has been omitted):

# One secret holding all lambda secrets as a JSON map
resource "aws_secretsmanager_secret" "project_lambda" {
  name                    = "project_lambda"
  description             = "Secrets for project"
  recovery_window_in_days = 0 # no recovery window: destroy deletes immediately
}

resource "aws_secretsmanager_secret_version" "sversion" {
  secret_id     = aws_secretsmanager_secret.project_lambda.id
  secret_string = jsonencode(var.map_of_secrets)
}

The pipeline generated the secrets fine, and re-ran fine when it was only one lambda. But when I added in another (they have separate state), this error comes up!

Error: error creating Secrets Manager Secret: ResourceExistsException: The operation failed because the secret project_lambda already exists.

I tried commenting out the code, but then it marked the secret for deletion and I had to manually delete it.

Any ideas for what the approach should be to solve this? Can I force recreation of the secret, delete then create, or delete that code and somehow have it not marked for deletion?

andruidthedude
you could use remote states, as the secretsmanager name is unique

data "terraform_remote_state" "your_name" {
  backend = "s3"
  config = {
    bucket  = "your_bucket"
    key     = "key_of_project"
    profile = var.profile
    region  = var.region
  }
  workspace = var.environment
}

something like this should help, then call it via: data.terraform_remote_state.your_name.outputs.ssm_name

also you need an output like

output "ssm_name" {
  value = aws_secretsmanager_secret.project_lambda.name
}

– pfandie Oct 21 '22 at 17:22
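One way to resolve the conflict the question describes, as an added example rather than code from the asker or the commenter: the secret is declared exactly once in its own root module with its own state, and each lambda's configuration only looks it up by name with a data source and grants its execution role read access to that one secret's ARN. The file layout, the `aws_iam_role.lambda_role` resource and the per-lambda role policy name are assumptions.

```hcl
# shared/secrets.tf -- applied once, in its own state. Only this stack
# creates the secret, so adding a second lambda stack never triggers
# ResourceExistsException, and destroying a lambda stack never schedules
# the shared secret for deletion.
resource "aws_secretsmanager_secret" "project_lambda" {
  name                    = "project_lambda"
  description             = "Secrets for project"
  recovery_window_in_days = 0
}

resource "aws_secretsmanager_secret_version" "sversion" {
  secret_id     = aws_secretsmanager_secret.project_lambda.id
  secret_string = jsonencode(var.map_of_secrets)
}

output "secret_arn" {
  value = aws_secretsmanager_secret.project_lambda.arn
}

# lambdas/<name>/main.tf -- one copy per lambda, each with separate state.
# Read-only lookup: plan/apply here never attempts to create the secret.
data "aws_secretsmanager_secret" "project_lambda" {
  name = "project_lambda" # assumed: same name the shared stack uses
}

# Least privilege: the execution role may read this one secret and nothing else.
data "aws_iam_policy_document" "read_project_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [data.aws_secretsmanager_secret.project_lambda.arn]
  }
}

resource "aws_iam_role_policy" "read_project_secret" {
  name   = "read-project-lambda-secret"     # assumed policy name
  role   = aws_iam_role.lambda_role.id      # assumed: the lambda's execution role
  policy = data.aws_iam_policy_document.read_project_secret.json
}
```

Apply the shared stack before any lambda stack; if you would rather not repeat the name, the `terraform_remote_state` data source from the comment can read `secret_arn` from the shared stack's outputs instead.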

0 Answers