Terraform | Secrets Manager | Reuse existing secret without deleting

Kal*_*lly 8 amazon-web-services terraform aws-secrets-manager

I am creating a Secret in AWS using Terraform code. My Jenkins pipeline creates the infrastructure and destroys it every 2 hours. When the infrastructure is recreated after 2 hours, AWS Secrets Manager does not let me create the secret again and throws the following error. Please advise.

Error: error creating Secrets Manager Secret: InvalidRequestException: You can't create this secret because a secret with this name is already scheduled for deletion.
    status code: 400, request id: e4f8cc85-29a4-46ff-911d-c5115716adc5

TF code:

# Secret container; recovery_window_in_days is not set, so the default of 30 applies
resource "aws_secretsmanager_secret" "secret" {
  description = var.environment
  kms_key_id  = data.aws_kms_key.sm.arn
  name        = "${var.environment}-airflow-secret"
}

# Random password stored as the secret value
resource "random_string" "rds_password" {
  length  = 16
  special = true
}

# Initial version of the secret, holding the password as JSON
resource "aws_secretsmanager_secret_version" "secret" {
  secret_id     = aws_secretsmanager_secret.secret.id
  secret_string = <<EOF
{
  "rds_password": "${random_string.rds_password.result}"
}
EOF
}

TF plan output:

  # module.aws_af_aws_secretsmanager_secret.secret will be created
  + resource "aws_secretsmanager_secret" "secret" {
      + arn                     = (known after apply)
      + description             = "dev-airflow-secret"
      + id                      = (known after apply)
      + kms_key_id              = "arn:aws:kms:eu-central-1"
      + name                    = "dev-airflow-secret"
      + name_prefix             = (known after apply)
      + recovery_window_in_days = 30
      + rotation_enabled        = (known after apply)
    }

  # module.aws_af.aws_secretsmanager_secret_version.secret will be created
  + resource "aws_secretsmanager_secret_version" "secret" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

小智 11

You need to set the recovery window to 0 to delete the secret immediately.

https://www.terraform.io/docs/providers/aws/r/secretsmanager_secret.html#recovery_window_in_days

recovery_window_in_days - (Optional) Specifies the number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.

  • Just tested this with terraform and the answer is no. It does not force-delete the existing resource. Follow this link for help with force-deleting a secret that is scheduled for deletion - https://aws.amazon.com/premiumsupport/knowledge-center/delete-secrets-manager-secret/ (3 upvotes)
  • New link for [recovery_window_in_days](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret#recovery_window_in_days) (2 upvotes)
  • Either way, does setting "recovery_window_in_days" to 0 after the secret has already been marked for deletion force its deletion? (2 upvotes)
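As an added example (not from the question, the answer, or the AWS provider), a pre-apply check a pipeline like the one above can run: it looks for `DeletedDate` on the secret, which Secrets Manager sets while a secret sits in its recovery window, and calls `restore_secret` so the secret and its value are reused rather than force-deleted. `reconcile_secret` and `FakeSecretsManager` are hypothetical names; the function accepts any object with the boto3 method names `describe_secret` and `restore_secret`, and the constructed fake stands in for `boto3.client("secretsmanager")` so the script runs offline.

```python
def _error_code(exc):
    # botocore's ClientError carries the AWS error code under exc.response
    return getattr(exc, "response", {}).get("Error", {}).get("Code")


def reconcile_secret(client, name):
    """Return the action the pipeline should take for secret `name`:
    'restore' - it was scheduled for deletion and has now been restored
                (value kept; `terraform import` it instead of creating it)
    'reuse'   - it exists and is live (`terraform import` it)
    'create'  - it does not exist; `terraform apply` can create it
    """
    try:
        desc = client.describe_secret(SecretId=name)
    except Exception as exc:
        if _error_code(exc) == "ResourceNotFoundException":
            return "create"
        raise
    if "DeletedDate" in desc:
        # Still inside the recovery window: RestoreSecret is reversible and
        # keeps the stored value, unlike a forced delete without recovery.
        client.restore_secret(SecretId=name)
        return "restore"
    return "reuse"


class FakeSecretsManager:
    """Constructed in-memory stand-in for boto3.client('secretsmanager')."""

    def __init__(self, secrets):
        self.secrets = secrets  # name -> dict of DescribeSecret fields

    def describe_secret(self, SecretId):
        if SecretId not in self.secrets:
            err = Exception("ResourceNotFoundException")
            err.response = {"Error": {"Code": "ResourceNotFoundException"}}
            raise err
        return dict(self.secrets[SecretId])

    def restore_secret(self, SecretId):
        self.secrets[SecretId].pop("DeletedDate", None)
        return {"Name": SecretId}


if __name__ == "__main__":
    # Constructed state: the secret from the question, scheduled for deletion
    fake = FakeSecretsManager(
        {"dev-airflow-secret": {"Name": "dev-airflow-secret",
                                "DeletedDate": "2020-01-01T00:00:00Z"}})
    print(reconcile_secret(fake, "dev-airflow-secret"))  # restore
    print(reconcile_secret(fake, "dev-airflow-secret"))  # reuse
```

With a real client the next pipeline step is `terraform import aws_secretsmanager_secret.secret <arn>` for 'restore' and 'reuse', so Terraform manages the existing secret instead of trying to create a duplicate.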