added vpc endpoint to access secrets manager #15
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WalkthroughThe changes primarily focus on enhancing the AWS VPC configuration by adding a new VPC endpoint for the Secrets Manager service. The region attribute is also introduced in the VPC module. The endpoint is associated with the private subnets of the VPC and a specific security group. Changes
TipsChat with CodeRabbit Bot (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review Status
Actionable comments generated: 0
Files selected for processing (3)
- live/core/vpc.tf (1 hunks)
- modules/vpc/endpoints.tf (1 hunks)
- modules/vpc/variables.tf (1 hunks)
Files skipped from review due to trivial changes (2)
- modules/vpc/endpoints.tf
- modules/vpc/variables.tf
Additional comments (Suppressed): 1
live/core/vpc.tf (1)
- 14-14: The new attribute
regionis added to themodule "vpc"block. Ensure that thevar.regionvariable is defined and correctly set in the environment where this module is used. Also, verify that the VPC module supports this attribute.
There was a problem hiding this comment.
Review Status
Actionable comments generated: 0
Files selected for processing (1)
- modules/vpc/endpoints.tf (1 hunks)
Additional comments (Suppressed): 1
modules/vpc/endpoints.tf (1)
- 1-10: The new hunk introduces a VPC endpoint for AWS Secrets Manager. It correctly uses the current region to construct the service name and associates the endpoint with the appropriate security group and private subnets. However, it's important to verify that the
module.app_security_group.security_group_idandmodule.vpc.private_subnetsare correctly configured to allow traffic to and from the Secrets Manager endpoint. Also, ensure that the necessary IAM policies are in place to allow access to the Secrets Manager service.
|
@AgusPk just need to run terraform fmt in the file that is failing on CI, the rest is OK 👌🏻 |
There was a problem hiding this comment.
Review Status
Actionable comments generated: 0
Files selected for processing (1)
- modules/vpc/endpoints.tf (1 hunks)
Additional comments (Suppressed): 1
modules/vpc/endpoints.tf (1)
- 1-10: The new hunk introduces a VPC endpoint for AWS Secrets Manager. It uses the current region and VPC ID, and associates the endpoint with a specific security group and the private subnets of the VPC. This is a good security practice as it restricts access to the Secrets Manager to within the VPC, eliminating the need for internet-based access. However, ensure that the
module.vpc.vpc_id,module.app_security_group.security_group_id, andmodule.vpc.private_subnetsare correctly set and accessible in this context.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's this PR do?
Solves #10
Summary by CodeRabbit
regionto the VPC module to specify the AWS region.