https://github.com/babbel/terraform-aws-secretsmanager-for-database-url
Terraform module creating a SecretsManager for `DATABASE_URL`
https://github.com/babbel/terraform-aws-secretsmanager-for-database-url
aws terraform terraform-module
Last synced: 4 months ago
JSON representation
Terraform module creating a SecretsManager for `DATABASE_URL`
- Host: GitHub
- URL: https://github.com/babbel/terraform-aws-secretsmanager-for-database-url
- Owner: babbel
- License: mit
- Created: 2021-01-21T08:54:37.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2026-02-28T00:02:12.000Z (4 months ago)
- Last Synced: 2026-03-02T20:41:47.418Z (4 months ago)
- Topics: aws, terraform, terraform-module
- Language: HCL
- Homepage: https://registry.terraform.io/modules/babbel/secretsmanager-for-database-url/aws
- Size: 72.3 KB
- Stars: 1
- Watchers: 33
- Forks: 2
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# SecretsManager for `DATABASE_URL`
This module creates a SecretsManager and stores the [`DATABASE_URL`](https://guides.rubyonrails.org/configuring.html#configuring-a-database) for the given `aws_db_instance` or `aws_rds_cluster` in it.
This is useful in order to load the `DATABASE_URL` into ECS via [`containerDefinitions.secrets.valueFrom`](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data-secrets.html).
## Usage
```tf
module "secretsmanager-for-database-url" {
source = "babbel/secretsmanager-for-database-url/aws"
version = "~> 1.2"
name_prefix = "example"
db_instance = aws_db_instance.example
database_name = "example"
protocol = "mysql2"
}
```
It can also be used for an RDS cluster like this:
```tf
module "secretsmanager-for-database-url" {
source = "babbel/secretsmanager-for-database-url/aws"
version = "~> 1.2"
name_prefix = "example"
rds_cluster = aws_rds_cluster.example
database_name = "example"
protocol = "mysql2"
}
```
In the ECS task definition, you can now define environment variables referencing the SecretsManager:
```tf
resource "aws_ecs_task_definition" "example" {
...
container_definitions = jsonencode([{
...
secrets = [{
name = "DATABASE_URL"
value = module.secretsmanager-for-database-url.secretsmanager_secret.arn
}]
...
}])
...
}
```
Please also make sure that you grant permissions on the `secretsmanager:GetSecretValue` action for the SecretsManager on the [ECS task execution IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html).