Terraform RedShiftc and SecretManager

amrdmrv · December 12, 2022, 3:53pm

I am trying to deploy REDSHIFT by generating password in AWS secret manager.
Secret works only when I try to connect with sql client.
I wrote python script and trying fetch secret from SECRET MANAGER and connect to redshift and do some operations but it gives an error.

redshift_connector.error.InterfaceError: ('communication error', gaierror(-2, 'Name or service not known'))

So for testing I create secret manually in Secret Manager by choosing the type of secret “REDSHIFT CREDENTIALS” and defined it in my python script and it worked. But the secret which I created with terraform not working.
It seems creating usual secret not working with Redshift cluster when you try to fetch it via some programming language. It requiers changing type of the secret in secrets manager.
But there is no such option in terraform to choose the secret type.
Is there any other way to deploy this solution ?

Here is my code below:

# Firstly create a random generated password to use in secrets.

resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&=+?"
}

# Creating a AWS secret for Redshift
resource "aws_secretsmanager_secret" "redshiftcred" {
  name                    = "redshift"
  recovery_window_in_days = 0
}

# Creating a AWS secret versions for Redshift

resource "aws_secretsmanager_secret_version" "redshiftcred" {
  secret_id = aws_secretsmanager_secret.redshiftcred.id
  secret_string = jsonencode({
    engine              = "redshift"
    host                = aws_redshift_cluster.redshift_cluster.endpoint
    username            = aws_redshift_cluster.redshift_cluster.master_username
    password            = aws_redshift_cluster.redshift_cluster.master_password
    port                = "5439"
    dbClusterIdentifier = aws_redshift_cluster.redshift_cluster.cluster_identifier
  })
  depends_on = [
    aws_secretsmanager_secret.redshiftcred
  ]
}

resource "aws_redshift_cluster" "redshift_cluster" {
  cluster_identifier        = "tf-redshift-cluster"
  database_name             = lookup(var.redshift_details, "redshift_database_name")
  master_username           = "admin"
  master_password           = random_password.password.result
  node_type                 = lookup(var.redshift_details, "redshift_node_type")
  cluster_type              = lookup(var.redshift_details, "redshift_cluster_type")
  number_of_nodes           = lookup(var.redshift_details, "number_of_redshift_nodes")
  iam_roles                 = ["${aws_iam_role.redshift_role.arn}"]
  skip_final_snapshot       = true
  publicly_accessible       = true
  cluster_subnet_group_name = aws_redshift_subnet_group.redshift_subnet_group.id
  vpc_security_group_ids    = [aws_security_group.redshift.id]

  depends_on = [
    aws_iam_role.redshift_role
  ]
}

Topic		Replies	Views
Secret for aws rds Terraform	0	296	January 30, 2021
Issue creating DMS endpoint with secrets manager for sqlserver using terraform AWS	0	1506	March 20, 2022
AWS secret Manager integration with terraform AWS	1	709	September 2, 2020
Aws secretsmanager create-secret --secret-string using terraform AWS	0	216	January 20, 2023
AWS Secrets Manager of "Credentials for RDS Database" AWS	2	1124	September 15, 2022

Terraform RedShiftc and SecretManager

Related topics