Suggested change for set recovery window to 0 (#6278)

Suggesting setting the key so that failed builds can be re-applied without errors. If your Terraform build fails and you need to destroy and re-apply, then without a recovery window of 0 Secrets Manager doesn't allow you to delete the secret, and that named secret has to wait 7 days to be deleted.
Rod Christiansen 2022-06-27 07:40:59 -07:00 committed by GitHub
parent 39cb121bb7
commit b1465bfa59
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -6,6 +6,7 @@ resource "random_password" "database_password" {
// possibility of providing this capability in the future.
resource "aws_secretsmanager_secret" "database_password_secret" { #tfsec:ignore:aws-ssm-secret-use-customer-key:exp:2022-07-01
name = "/fleet/database/password/master"
recovery_window_in_days = 0
}
resource "aws_secretsmanager_secret_version" "database_password_secret_version" {
@ -114,4 +115,4 @@ resource "aws_rds_cluster_parameter_group" "example_mysql" {
name = "${local.name}-aurora-mysql-cluster-parameter-group"
family = "aurora-mysql5.7"
description = "${local.name}-aurora-mysql-cluster-parameter-group"
}
}
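Review bot: `recovery_window_in_days = 0` in the first hunk, on `aws_secretsmanager_secret.database_password_secret`, applies to every deletion of the master database password, not only to the failed-build cleanup the description is aimed at. With a zero window, a mistaken destroy or a forced replacement of this resource in a long-lived deployment removes the secret immediately with no way to restore it. Consider driving the value from a variable with a non-zero default, e.g. `recovery_window_in_days = var.secret_recovery_window_in_days` (variable name is illustrative), so that only throwaway environments opt in to 0. A comment on the line would also help, such as `// 0 forces deletion without recovery; keep a non-zero window where the secret must be restorable`.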