turbot/aws_thrifty

Pipeline: Correct SecretsManager secrets if unused

Overview

Secrets Manager secrets incur a monthly cost, so secrets that are no longer accessed or used should be removed to prevent further charges.

This pipeline takes a collection of unused secrets that you specify and then either sends notifications or attempts a predefined corrective action on the collection.

Whilst it is possible to utilise this pipeline standalone, it is usually called from either:

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run aws_thrifty.pipeline.correct_secretsmanager_secrets_if_unused \
  --arg 'items=<list(object({
    title = string
    name = string
    region = string
    conn = string
  }))>'

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
  pipeline = aws_thrifty.pipeline.correct_secretsmanager_secrets_if_unused
  args = {
    items = <list(object({
      title = string
      name = string
      region = string
      conn = string
    }))>
  }
}
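
One way to assemble the `items` collection that both invocations above expect, as an added example that is not part of the aws_thrifty mod: it filters a constructed `aws secretsmanager list-secrets` style listing by last access date and emits objects in the `title`/`name`/`region`/`conn` shape. The 90-day threshold, the `unused_items` helper, the sample secrets and the `connection.aws.example` value are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `aws secretsmanager list-secrets` JSON output.
SAMPLE = json.loads("""
{"SecretList": [
  {"Name": "prod/db/password", "CreatedDate": "2023-01-10T09:00:00+00:00",
   "LastAccessedDate": "2024-05-30T00:00:00+00:00"},
  {"Name": "legacy/ftp/credentials", "CreatedDate": "2021-03-02T12:00:00+00:00",
   "LastAccessedDate": "2023-11-01T00:00:00+00:00"},
  {"Name": "old/never-read", "CreatedDate": "2022-06-15T08:30:00+00:00"},
  {"Name": "new/just-created", "CreatedDate": "2024-05-28T08:30:00+00:00"}
]}
""")


def unused_items(listing, region, conn, now, max_idle_days=90):
    """Return secrets idle longer than max_idle_days, in the pipeline's items shape."""
    cutoff = now - timedelta(days=max_idle_days)
    items = []
    for secret in listing.get("SecretList", []):
        # A secret that was never read has no LastAccessedDate; fall back to
        # CreatedDate so a freshly created secret is not queued for deletion.
        stamp = secret.get("LastAccessedDate") or secret.get("CreatedDate")
        if stamp is None:
            continue  # no usable timestamp: leave it for manual review
        last_seen = datetime.fromisoformat(stamp)
        if last_seen < cutoff:
            items.append({
                "title": secret["Name"],  # display title; format is an assumption
                "name": secret["Name"],
                "region": region,
                "conn": conn,
            })
    return items


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed for a repeatable run
    # "connection.aws.example" is a placeholder connection reference.
    items = unused_items(SAMPLE, "us-east-1", "connection.aws.example", now)
    print(json.dumps(items, indent=2))
```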

Params

| Name | Type | Required | Description | Default |
|---|---|---|---|---|
| items | list(object({ title = string, name = string, region = string, conn = string })) | Yes | | - |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string (info, verbose, error) | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |
| default_action | string (notify, skip, delete_secret) | Yes | The default action to use for the detected item, used if no input is provided. | notify |
| enabled_actions | list(string) (skip, delete_secret) | Yes | The list of enabled actions to provide to approvers for selection. | ["skip", "delete_secret"] |

Outputs

This pipeline has no outputs.

Tags

category = Cost
class = unused
folder = Internal
plugin = aws
service = AWS/Secrets Manager