Resource: aws_secretsmanager_secret_rotation

Provides a resource to manage AWS Secrets Manager secret rotation. To manage a secret, see the aws_secretsmanager_secret resource. To manage a secret value, see the aws_secretsmanager_secret_version resource.

Example Usage

Basic

resource "aws_secretsmanager_secret_rotation" "example" {
  secret_id           = aws_secretsmanager_secret.example.id
  rotation_lambda_arn = aws_lambda_function.example.arn

  rotation_rules {
    automatically_after_days = 30
  }
}

Rotation Configuration

To enable automatic secret rotation, the Secrets Manager service requires a Lambda function. The Rotate Secrets section in the Secrets Manager User Guide provides additional information about deploying a prebuilt Lambda function for supported credential rotation (e.g., RDS) or deploying a custom Lambda function.
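The wiring around the rotation function is where misconfiguration usually appears, so the following added example (not part of the original documentation) shows the invoke permission and a least-privilege execution policy next to the rotation resource. The role `aws_iam_role.rotation_lambda`, the statement ID and the policy name are assumptions; `aws_secretsmanager_secret.example` and `aws_lambda_function.example` are the resources referenced in the Basic example.

```hcl
# Added example. aws_iam_role.rotation_lambda (the function's execution role),
# the statement_id and the policy name are assumed, not from the original page.

data "aws_caller_identity" "current" {}

# Let the Secrets Manager service, acting for this account only, invoke the function.
resource "aws_lambda_permission" "allow_secretsmanager" {
  statement_id   = "AllowSecretsManagerInvoke"
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.example.function_name
  principal      = "secretsmanager.amazonaws.com"
  source_account = data.aws_caller_identity.current.account_id
}

# Least privilege: the Secrets Manager calls the rotation steps make, scoped to
# the one secret being rotated rather than "*".
data "aws_iam_policy_document" "rotation" {
  statement {
    actions = [
      "secretsmanager:DescribeSecret",
      "secretsmanager:GetSecretValue",
      "secretsmanager:PutSecretValue",
      "secretsmanager:UpdateSecretVersionStage",
    ]
    resources = [aws_secretsmanager_secret.example.arn]
  }
}

resource "aws_iam_role_policy" "rotation" {
  name   = "secret-rotation"
  role   = aws_iam_role.rotation_lambda.id
  policy = data.aws_iam_policy_document.rotation.json
}

resource "aws_secretsmanager_secret_rotation" "example" {
  secret_id           = aws_secretsmanager_secret.example.id
  rotation_lambda_arn = aws_lambda_function.example.arn

  rotation_rules {
    automatically_after_days = 30
  }

  # Create the permissions first so enabling rotation does not fail on access.
  depends_on = [
    aws_lambda_permission.allow_secretsmanager,
    aws_iam_role_policy.rotation,
  ]
}
```

A function that generates new values with `secretsmanager:GetRandomPassword` needs that action in a separate statement, since it is not scoped to a secret ARN.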

Argument Reference

This resource supports the following arguments:

rotation_rules

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import aws_secretsmanager_secret_rotation using the secret Amazon Resource Name (ARN). For example:

import {
  to = aws_secretsmanager_secret_rotation.example
  id = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"
}

Using terraform import, import aws_secretsmanager_secret_rotation using the secret Amazon Resource Name (ARN). For example:

% terraform import aws_secretsmanager_secret_rotation.example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456