9 add recovery window in days (#11)

* Update main.tf added recovery_window_in_days to resource * Update variables.tf added variable for recovery_window_in_days * Update README.md * Update README.md fixed default value * Update README.md removed from example
rhythmictech · Nov 18, 2021 · a469e7e · a469e7e
1 parent 865c8d0
commit a469e7e
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -8,11 +8,11 @@ Example:
 
 ```
 module "random_password" {
-  source            = "git::https://github.com/rhythmictech/terraform-aws-secretsmanager-secret"
-  name_prefix       = "RDSPassword"
-  description       = "RDS instance master password"
-  length            = 20
-  override_special  = "@#$%^*()-=_+[]{};<>?,./"
+  source                  = "git::https://github.com/rhythmictech/terraform-aws-secretsmanager-secret"
+  name_prefix             = "RDSPassword"
+  description             = "RDS instance master password"
+  length                  = 20
+  override_special        = "@#$%^*()-=_+[]{};<>?,./"
 }
 ```
 
@@ -48,6 +48,7 @@ module "random_password" {
 | name\_prefix | Name Prefix (not used if name specified) | `string` | `"terraform"` | no |
 | override\_special | n/a | `string` | `""` | no |
 | pass\_version | Password version. Increment this to trigger a new password. | `number` | `1` | no |
+| recovery_window_in_days | Number of days to wait before deleting the secret | `number` | `"30"` | no |
 | secret\_access\_metric\_namespace | Metric namespace to use for CloudWatch metric | `string` | `"SecretsManager"` | no |
 | secret\_access\_notification\_arn | SNS topic to notify on secret access (required if `enable_secret_access_notification=true`) | `string` | `""` | no |
 | tags | Tags to add to supported resources | `map(string)` | `{}` | no |

diff --git a/main.tf b/main.tf
@@ -23,12 +23,13 @@ resource "random_password" "random_string" {
 }
 
 resource "aws_secretsmanager_secret" "secret" {
-  count       = var.create_secret ? 1 : 0
-  name        = var.name == "" ? null : var.name
-  name_prefix = var.name == "" ? var.name_prefix : null
-  description = var.description
-  kms_key_id  = var.kms_key_id
-  tags        = var.tags
+  count                   = var.create_secret ? 1 : 0
+  name                    = var.name == "" ? null : var.name
+  name_prefix             = var.name == "" ? var.name_prefix : null
+  description             = var.description
+  kms_key_id              = var.kms_key_id
+  recovery_window_in_days = var.recovery_window_in_days
+  tags                    = var.tags
 }
 
 resource "aws_secretsmanager_secret_version" "secret_val" {

diff --git a/variables.tf b/variables.tf
@@ -36,6 +36,12 @@ variable "pass_version" {
   type        = number
 }
 
+variable "recovery_window_in_days" {
+  default     = 30
+  description = "Number of days that AWS Secrets Manager waits before it can delete the secret."
+  type        = number
+}
+
 variable "tags" {
   default     = {}
   description = "Tags to add to supported resources"