turbot/aws_thrifty
Pipeline: Correct one SecretsManager secret if unused
Overview
SecretsManager secrets have an inherent monthly cost, so secrets that are no longer accessed or used should be removed to prevent further charges.
This pipeline takes a single unused secret and then either sends a notification or attempts to perform a predefined corrective action.
Whilst it is possible to utilise this pipeline standalone, it is usually called from the correct_secretsmanager_secrets_if_unused pipeline.
Run the pipeline
To run this pipeline from your terminal:
flowpipe pipeline run aws_thrifty.pipeline.correct_one_secretsmanager_secret_if_unused \
  --arg 'title=<string>' \
  --arg 'name=<string>' \
  --arg 'region=<string>' \
  --arg 'conn=<connection.aws>'
Use this pipeline
To call this pipeline from your pipeline, use a step:
step "pipeline" "step_name" {
  pipeline = aws_thrifty.pipeline.correct_one_secretsmanager_secret_if_unused
  args = {
    title  = <string>
    name   = <string>
    region = <string>
    conn   = <connection.aws>
  }
}
Params
Name | Type | Required | Description | Default |
---|---|---|---|---|
title | string | Yes | Title of the resource, to be used as a display name. | - |
name | string | Yes | The friendly name of the SecretsManager secret. | - |
region | string | Yes | AWS Region of the resource(s). | - |
conn | connection.aws | Yes | Name of the AWS connection to be used for any authenticated actions. | - |
notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
notification_level | string (info, verbose, error) | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
default_action | string (notify, skip, delete_secret) | Yes | The default action to use for the detected item, used if no input is provided. | notify |
enabled_actions | list(string) (skip, delete_secret) | Yes | The list of enabled actions to provide to approvers for selection. | |
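
A pre-flight check a caller might run before handing a secret to this pipeline, as an added example that is not part of the aws_thrifty mod: it reads constructed describe-secret output, rejects secrets that are already scheduled for deletion or were seen recently, and builds the flowpipe pipeline run command from this page with default_action left at notify. The 90-day threshold, the function names preflight and build_command, the sample secret and the connection name are assumptions.

```python
import json
import shlex
from datetime import datetime, timedelta, timezone

# Constructed sample of `aws secretsmanager describe-secret` output (ISO 8601 timestamps).
SAMPLE = json.loads("""{
  "Name": "example/legacy-db-password",
  "CreatedDate": "2023-01-10T09:15:00+00:00",
  "LastAccessedDate": "2023-02-01T00:00:00+00:00"
}""")

THRESHOLD_DAYS = 90  # assumption: the page does not define when a secret counts as unused


def preflight(secret, now, threshold_days=THRESHOLD_DAYS):
    """Return (ok_to_run, reason) for one DescribeSecret response."""
    if "DeletedDate" in secret:
        return False, "already scheduled for deletion"
    # LastAccessedDate is absent when the secret has never been read;
    # fall back to CreatedDate so a brand-new secret is not treated as stale.
    stamp = secret.get("LastAccessedDate") or secret.get("CreatedDate")
    if stamp is None:
        return False, "no timestamps; cannot judge usage"
    age = now - datetime.fromisoformat(stamp)
    if age < timedelta(days=threshold_days):
        return False, f"accessed or created {age.days} days ago"
    return True, f"idle for {age.days} days"


def build_command(secret, region, conn, default_action="notify"):
    """Build the pipeline invocation; the default action stays non-destructive."""
    args = {"title": secret["Name"], "name": secret["Name"], "region": region,
            "conn": conn, "default_action": default_action}
    cmd = ["flowpipe", "pipeline", "run",
           "aws_thrifty.pipeline.correct_one_secretsmanager_secret_if_unused"]
    for key, value in args.items():
        cmd += ["--arg", f"{key}={value}"]
    return shlex.join(cmd)  # shell-quoted, safe to paste into a terminal


if __name__ == "__main__":
    ok, reason = preflight(SAMPLE, datetime.now(timezone.utc))
    print(f"{SAMPLE['Name']}: {reason}")
    if ok:  # region and connection name below are hypothetical placeholders
        print(build_command(SAMPLE, "us-east-1", "connection.aws.example"))
```

Passing default_action=delete_secret to build_command produces the destructive variant, which is only worth doing once the notify run has been reviewed.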
Outputs
This pipeline has no outputs.
Tags
category = Cost
class = unused
folder = Internal
plugin = aws
service = AWS/Secrets Manager