Terraform RedShiftc and SecretManager

amrdmrv · December 12, 2022, 3:53pm

I am trying to deploy REDSHIFT by generating password in AWS secret manager.
Secret works only when I try to connect with sql client.
I wrote python script and trying fetch secret from SECRET MANAGER and connect to redshift and do some operations but it gives an error.

redshift_connector.error.InterfaceError: ('communication error', gaierror(-2, 'Name or service not known'))

So for testing I create secret manually in Secret Manager by choosing the type of secret “REDSHIFT CREDENTIALS” and defined it in my python script and it worked. But the secret which I created with terraform not working.
It seems creating usual secret not working with Redshift cluster when you try to fetch it via some programming language. It requiers changing type of the secret in secrets manager.
But there is no such option in terraform to choose the secret type.
Is there any other way to deploy this solution ?

Here is my code below:

# Firstly create a random generated password to use in secrets.

resource "random_password" "password" {
  length           = 16
  special          = true
  override_special = "!#$%&=+?"
}

# Creating a AWS secret for Redshift
resource "aws_secretsmanager_secret" "redshiftcred" {
  name                    = "redshift"
  recovery_window_in_days = 0
}

# Creating a AWS secret versions for Redshift

resource "aws_secretsmanager_secret_version" "redshiftcred" {
  secret_id = aws_secretsmanager_secret.redshiftcred.id
  secret_string = jsonencode({
    engine              = "redshift"
    host                = aws_redshift_cluster.redshift_cluster.endpoint
    username            = aws_redshift_cluster.redshift_cluster.master_username
    password            = aws_redshift_cluster.redshift_cluster.master_password
    port                = "5439"
    dbClusterIdentifier = aws_redshift_cluster.redshift_cluster.cluster_identifier
  })
  depends_on = [
    aws_secretsmanager_secret.redshiftcred
  ]
}

resource "aws_redshift_cluster" "redshift_cluster" {
  cluster_identifier        = "tf-redshift-cluster"
  database_name             = lookup(var.redshift_details, "redshift_database_name")
  master_username           = "admin"
  master_password           = random_password.password.result
  node_type                 = lookup(var.redshift_details, "redshift_node_type")
  cluster_type              = lookup(var.redshift_details, "redshift_cluster_type")
  number_of_nodes           = lookup(var.redshift_details, "number_of_redshift_nodes")
  iam_roles                 = ["${aws_iam_role.redshift_role.arn}"]
  skip_final_snapshot       = true
  publicly_accessible       = true
  cluster_subnet_group_name = aws_redshift_subnet_group.redshift_subnet_group.id
  vpc_security_group_ids    = [aws_security_group.redshift.id]

  depends_on = [
    aws_iam_role.redshift_role
  ]
}