I) Introduction

To launch the application on AWS securely, all secrets are stored in AWS Secrets Manager rather than in the code or the Terraform files.

There are two types of secrets:

  1. Shared secrets: secrets shared across the AWS accounts
  2. (Infra) secrets: secrets specific to one infrastructure

II) Manage Infra secrets

First, log in to any infra account (Esign/Pricing) for dev, staging or prod. Switch to the Paris region and open Secrets Manager.

For each environment, create the following secrets in the same region (Paris) and the same account as the application's compute resources:

DB_NAME
DB_USER
DB_PASS
YOUSIGN_API_KEY
LAMBDA_API_URL
LAMBDA_AUTH_BEARER
LAMBDA_WEBHOOK_SLACK_URL

Each of these secrets must be created with the "Other type of secrets" type, and the value must be stored as a plaintext secret.

# Example for the secret named DB_NAME

# Secret key / value
Secret    : DB_NAME
Value     : <Secret value>

If your backend application needs more secrets, create them in Secrets Manager in the same way.

Then update the Terraform configuration so that it uses the newly added secrets.

First, tell Terraform to fetch the secret from Secrets Manager.


Then add the secret to the user data template of the resource defined in 13_asg_alb.tf.

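The two Terraform steps above, as an added example that is not the project's own 13_asg_alb.tf. It reads the infra secrets listed in section II by name and passes them into the launch template's user data; the template file name userdata.sh.tpl, the variables ami_id and private_subnet_ids, and the resource names are assumptions made for this example.

```hcl
# Added example, not the project's 13_asg_alb.tf. Assumed: userdata.sh.tpl,
# var.ami_id, var.private_subnet_ids and the resource names below.

variable "ami_id" {
  type = string
}

variable "private_subnet_ids" {
  type = list(string)
}

# The provider must point at the region where the secrets were created (Paris).
provider "aws" {
  region = "eu-west-3"
}

# Names exactly as the secrets were created in the console (section II).
locals {
  infra_secret_names = [
    "DB_NAME",
    "DB_USER",
    "DB_PASS",
    "YOUSIGN_API_KEY",
    "LAMBDA_API_URL",
    "LAMBDA_AUTH_BEARER",
    "LAMBDA_WEBHOOK_SLACK_URL",
  ]
}

# Step 1: tell Terraform to fetch each secret. Looking a secret up by name
# makes `terraform plan` fail early if one of them was not created, which is
# the check you want before touching the ASG.
data "aws_secretsmanager_secret" "infra" {
  for_each = toset(local.infra_secret_names)
  name     = each.key
}

data "aws_secretsmanager_secret_version" "infra" {
  for_each  = data.aws_secretsmanager_secret.infra
  secret_id = each.value.id
}

locals {
  # NAME => plaintext value. The secrets were stored as plain text, so
  # secret_string is the value itself (no JSON decoding needed).
  infra_secrets = {
    for name, version in data.aws_secretsmanager_secret_version.infra :
    name => version.secret_string
  }
}

# Step 2: inject the values into the user data template of the ASG's launch
# template. userdata.sh.tpl (assumed) references them as ${DB_NAME}, ${DB_USER}, ...
resource "aws_launch_template" "app" {
  name_prefix   = "app-"
  image_id      = var.ami_id
  instance_type = "t3.small"

  user_data = base64encode(
    templatefile("${path.module}/userdata.sh.tpl", local.infra_secrets)
  )
}

resource "aws_autoscaling_group" "app" {
  name                = "app"
  min_size            = 1
  max_size            = 2
  vpc_zone_identifier = var.private_subnet_ids

  launch_template {
    id      = aws_launch_template.app.id
    version = "$Latest"
  }
}
```

In the assumed userdata.sh.tpl a value is consumed with a line such as `export DB_PASS="${DB_PASS}"`. Two things to keep in mind with this approach: the principal running `terraform apply` needs `secretsmanager:GetSecretValue` on these secrets (the instances themselves do not), and the plaintext values end up both in the Terraform state and in the instance's user data, which any process on the instance can read from the instance metadata service. Keep the state backend encrypted and access-restricted, and treat user data as readable by whoever can reach the instance.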