NEW: simple secretsmanager module

modules/security_identity_compliance/secretsmanager-secret/main.tf

@@ -0,0 +1,35 @@
+data "aws_caller_identity" "this" {}
+
+resource "random_id" "rid" {
+  byte_length = 2
+}
+
+resource "aws_secretsmanager_secret" "secret1" {
+  name        = "test-secret-${random_id.rid.dec}"
+  description = var.secret_description
+}
+
+resource "aws_secretsmanager_secret_version" "this" {
+  secret_id     = aws_secretsmanager_secret.secret1.id
+  secret_string = jsonencode({ (var.secret_description) : var.secret_value })
+}
+
+data "aws_iam_policy_document" "policy-file" {
+  statement {
+    sid    = "DefaultAllowReadFromSameAccount"
+    effect = "Allow"
+
+    principals {
+      type        = "AWS"
+      identifiers = ["arn:aws:iam::${data.aws_caller_identity.this.account_id}:root"]
+    }
+
+    actions   = ["secretsmanager:GetSecretValue"]
+    resources = ["*"]
+  }
+}
+
+resource "aws_secretsmanager_secret_policy" "policy" {
+  secret_arn = aws_secretsmanager_secret.secret1.arn
+  policy     = var.secret_policy != null ? var.secret_policy : data.aws_iam_policy_document.policy-file.json
+}

modules/security_identity_compliance/secretsmanager-secret/provider.tf

@@ -0,0 +1,15 @@
+provider "aws" {
+  region = var.aws-region
+}
+
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.40"
+    }
+  }
+}
+
+resource time_static current_time {}

modules/security_identity_compliance/secretsmanager-secret/variables.tf

@@ -0,0 +1,7 @@
+variable "aws-region" {}
+variable "secret_description" {}
+variable "secret_value" {}
+variable "secret_policy" {
+  type    = string
+  default = null
+}