fix: change now secret arn is constructed to fix error seen when runn… (

#575) * fix: change now secret arn is constructed to fix error seen when running tasks * docs: update Terraform docs * fix: construct secret name using enviroinment name --------- Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
dvsa · Jan 24, 2025 · b596851 · b596851
1 parent 3ff5ad4
commit b596851
Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/infra/terraform/modules/service/README.md b/infra/terraform/modules/service/README.md
@@ -42,6 +42,7 @@
 | [aws_cloudfront_log_delivery_canonical_user_id.cloudfront](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_log_delivery_canonical_user_id) | data source |
 | [aws_route53_zone.public](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route53_zone) | data source |
 | [aws_s3_bucket.assets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket) | data source |
+| [aws_secretsmanager_secret.application_api](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/secretsmanager_secret) | data source |
 
 ## Inputs
 

diff --git a/infra/terraform/modules/service/batch.tf b/infra/terraform/modules/service/batch.tf
@@ -1,5 +1,9 @@
 data "aws_caller_identity" "current" {}
 
+data "aws_secretsmanager_secret" "application_api" {
+  name = "DEVAPP${var.legacy_environment}-BASE-SM-APPLICATION-API"
+}
+
 locals {
   default_retry_policy = {
     attempts = 1
@@ -57,7 +61,7 @@ locals {
       secrets = [
         {
           name      = "DB_PASSWORD"
-          valueFrom = "${var.batch.api_secret_file}:olcs_api_rds_password::"
+          valueFrom = "${data.aws_secretsmanager_secret.application_api.arn}:olcs_api_rds_password:::"
         },
       ]
     }
@@ -87,7 +91,7 @@ locals {
       secrets = [
         {
           name      = "DB_PASSWORD"
-          valueFrom = "${var.batch.api_secret_file}:olcs_api_rds_password::"
+          valueFrom = "${data.aws_secretsmanager_secret.application_api.arn}:olcs_api_rds_password:::"
         },
       ]
     }
@@ -327,4 +331,4 @@ module "sns_batch_failure" {
 resource "aws_cloudwatch_log_group" "this" {
   name              = "/aws/batch/vol-app-${var.environment}"
   retention_in_days = 1
-}
+}