@sachin-panayil sachin-panayil commented Dec 29, 2025

Important

I did not run terraform apply on this yet. This is just to show the code that I've been working on. Not sure of the best practices, but I can run terraform apply when approved. Or does it run automatically in npd_ops builds?

Tracking Secret Rotation Lambda

Jira Ticket #583

Problem

We had a rotation lambda that handles the rotation of a Postgres user secret. This was not tracked in source control since it was created via ClickOps.

Solution

Use terraform import to import the actual states and write terraform code to match it so that as few changes as possible show up, meaning that the terraform matches the actual AWS state.

Result

Terraform has been created that matches AWS state. We now track secret rotation within source.

Some important notes regarding the summary line:

  • Read the important section about terraform apply. Not sure of the best way to handle this.

Test Plan

  • Run terraform -chdir=envs/dev plan on the infrastructure directory and check the drift
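
An added example, not part of the original PR or the project's code: one way to check the drift the test plan refers to before a first apply, by classifying the actions in the JSON that terraform show -json prints for a saved plan. The resource addresses and the sample plan are constructed for illustration; the page does not show the real ones.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Resource addresses are hypothetical, not taken from the PR.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_lambda_function.rotation",
         "change": {"actions": ["no-op"]}},
        {"address": "aws_secretsmanager_secret_rotation.db_user",
         "change": {"actions": ["update"]}},
        {"address": "aws_lambda_permission.secretsmanager_invoke",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_iam_role.rotation",
         "change": {"actions": ["read"]}},
    ],
})

def classify(actions):
    """Map a plan action list to a drift severity."""
    acts = set(actions)
    if acts <= {"no-op", "read"}:
        return "clean"
    if "delete" in acts:
        return "destructive"  # plain delete, or replace in either order
    return "drift"            # create (never imported) or in-place update

def drift_report(plan_json):
    """Group resource addresses by how the plan would touch them."""
    plan = json.loads(plan_json)
    report = {"clean": [], "drift": [], "destructive": []}
    for rc in plan.get("resource_changes", []):
        report[classify(rc["change"]["actions"])].append(rc["address"])
    return report

def safe_to_apply(report):
    """True only when the written Terraform matches the imported state."""
    return not report["drift"] and not report["destructive"]

if __name__ == "__main__":
    r = drift_report(SAMPLE_PLAN)
    for level in ("destructive", "drift"):
        for addr in r[level]:
            print(f"{level.upper():12} {addr}")
    print("safe to apply:", safe_to_apply(r))
```

A replace of the rotation function or its invoke permission would show up as destructive here, which is the case to resolve in code before anyone applies.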

@sachin-panayil sachin-panayil self-assigned this Dec 29, 2025
@sachin-panayil sachin-panayil changed the title [NDH-583] - Tracking Secret Rotation Lambda [NDH-583] Tracking Secret Rotation Lambda Dec 29, 2025
@sachin-panayil sachin-panayil marked this pull request as ready for review December 31, 2025 15:30

wbprice commented Dec 31, 2025

This is partially my fault. We moved the infrastructure folder over to https://github.com/cms-Enterprise/npd-ops but didn't clean it up here. Please reopen this PR against https://github.com/cms-Enterprise/npd-ops
