library
turbot/aws_thrifty

Correct one SecretsManager secret if unused

Overview

SecretsManager secrets have an inherent monthly cost, therefore secrets which are no longer accessed / used should be removed to prevent further charges.

This pipeline allows you to specify a single unused secret and then either sends a notification or attempts to perform a predefined corrective action.

Whilst it is possible to utilise this pipeline standalone, it is usually called from the correct_secretsmanager_secrets_if_unused pipeline.

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run aws_thrifty.pipeline.correct_one_secretsmanager_secret_if_unused \
--arg 'title=<string>' \
--arg 'name=<string>' \
--arg 'region=<string>' \
--arg 'cred=<string>'

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
pipeline = aws_thrifty.pipeline.correct_one_secretsmanager_secret_if_unused
args = {
title = <string>
name = <string>
region = <string>
cred = <string>
}
}

Params

NameTypeRequiredDescriptionDefault
titlestringYesTitle of the resource, to be used as a display name.-
namestringYesThe friendly name of the SecretsManager secret.-
regionstringYesAWS Region of the resource(s).-
credstringYesName of the credential to be used for any authenticated actions.-
notifierstringYesThe name of the notifier to use for sending notification messages.default
notification_levelstringYesThe verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'.info
approverslist(string)YesList of notifiers to be used for obtaining action/approval decisions.
[
"default"
]
default_actionstringYesThe default action to use for the detected item, used if no input is provided.notify
enabled_actionslist(string)YesThe list of enabled actions to provide to approvers for selection.
[
"skip",
"delete_secret"
]

Outputs

This pipeline has no outputs.

Tags

category = Cost
class = unused
plugin = aws
service = AWS/Secrets Manager