https://github.com/labd/mach-component-aws-commercetools-token-refresher
Terraform module that runs a Lambda function to auto-refresh commercetools auth tokens in AWS Secrets Manager
commercetools mach terraform
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/labd/mach-component-aws-commercetools-token-refresher
- Owner: labd
- License: mit
- Created: 2020-12-08T15:14:27.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-10-18T02:02:12.000Z (over 2 years ago)
- Last Synced: 2025-03-28T22:51:11.113Z (about 1 year ago)
- Topics: commercetools, mach, terraform
- Language: Python
- Homepage:
- Size: 58.6 KB
- Stars: 3
- Watchers: 9
- Forks: 1
- Open Issues: 6
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Commercetools token refresher for AWS
Refreshes Commercetools access token secrets by asking for a new token. 10 minutes after the initial token request, the Commercetools API returns a new token.
Both tokens still work until their expiry date.
This component is for AWS; there is also a [GCP version](https://github.com/mach-composer/mach-component-gcp-commercetools-token-refresher).
## Usage
Use the following attributes to configure this component in MACH:
```yaml
sites:
  - identifier: some site
    components:
      - name: ct-refresher
    ...
components:
  - name: ct-refresher
    source: git::https://github.com/labd/mach-component-aws-commercetools-token-refresher.git//terraform
    version:
    integrations: ["aws", "commercetools", "sentry"]
```
Other components must configure their commercetools secrets with a reference to this refresher.
```terraform
locals {
  ct_scopes = formatlist("%s:%s", [
    "manage_orders",
    "view_orders",
    "manage_payments",
    "view_payments"
  ], var.ct_project_key)
}

module "ct_secret" {
  source = "git::https://github.com/labd/mach-component-aws-commercetools-token-refresher.git//terraform/secret"
  name   = ""
  site   = var.site
  scopes = local.ct_scopes
  # Optional; KMS key to use for the secret
  kms_key_id = ""
}
```
In your Lambda function, you can pass the reference to the Secrets Manager value as:
```
CT_ACCESS_TOKEN_SECRET_NAME = module.ct_secret.name
```
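The consuming side, as an added example that is not code from this repository: a Lambda reads the secret named in `CT_ACCESS_TOKEN_SECRET_NAME`, caches it briefly so that it picks up a refreshed token, and re-reads the secret once if the API answers 401. It assumes the secret's `SecretString` is the bearer token itself; `SecretTokenCache`, `call_with_token`, `cache_from_env`, `FakeSecretsClient` and the 300-second TTL are hypothetical names and values.

```python
import os
import time


class SecretTokenCache:
    """Serve the token from Secrets Manager, re-reading it after a short TTL."""

    def __init__(self, client, secret_name, ttl_seconds=300, clock=time.monotonic):
        self._client = client        # any object exposing boto3's get_secret_value()
        self._secret_name = secret_name
        self._ttl = ttl_seconds      # assumed value; keep it well below the token lifetime
        self._clock = clock
        self._token = None
        self._fetched_at = 0.0

    def get(self, force=False):
        now = self._clock()
        if force or self._token is None or now - self._fetched_at >= self._ttl:
            resp = self._client.get_secret_value(SecretId=self._secret_name)
            # Assumption: SecretString holds the bearer token itself. Never log it.
            self._token = resp["SecretString"]
            self._fetched_at = now
        return self._token


def call_with_token(cache, request):
    """Run request(token) -> (status, body); on 401 re-read the secret once and retry."""
    status, body = request(cache.get())
    if status == 401:
        status, body = request(cache.get(force=True))
    return status, body


def cache_from_env():
    """Build the cache inside a Lambda from the variable set in Terraform."""
    import boto3  # imported lazily so the logic above can be exercised offline
    return SecretTokenCache(
        boto3.client("secretsmanager"), os.environ["CT_ACCESS_TOKEN_SECRET_NAME"]
    )


class FakeSecretsClient:
    """Constructed stand-in for Secrets Manager, used to try the cache offline."""

    def __init__(self, value):
        self.value, self.reads = value, 0

    def get_secret_value(self, SecretId):
        self.reads += 1
        return {"SecretString": self.value}
```

Create the cache once outside the handler so warm invocations reuse it instead of calling Secrets Manager on every request.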
### Running in VPC
By providing VPC information through the variables, the rotator Lambda can be run within the VPC:
```yaml
sites:
  - identifier: some site
    components:
      - name: ct-refresher
        variables:
          vpc:
            id:
            subnet_ids:
            ingress_subnet:
```
### Adding KMS keys
KMS keys can be provided through the `kms_keys` object:
```yaml
sites:
  - identifier: some site
    components:
      - name: ct-refresher
        variables:
          kms_keys:
            cloudwatch:
            lambda:
            secretmanager:
```