Skip to content

laa-cla-backend-production - Add secrets manager#42991

Open
said-moj wants to merge 3 commits into
mainfrom
laa-cla-backend-production--add-secrets-manager
Open

laa-cla-backend-production - Add secrets manager#42991
said-moj wants to merge 3 commits into
mainfrom
laa-cla-backend-production--add-secrets-manager

Conversation

@said-moj

@said-moj said-moj commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Add secrets manager to laa-cla-backend-production namespace

@said-moj said-moj requested a review from a team as a code owner June 3, 2026 14:55
@sablumiah

Sablu M (sablumiah) commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Terraform Plan Summary

Terraform Plan: 7 to be created, 0 to be destroyed, 6 to be updated, 2 to be replaced and 80 unchanged.

Resources to create:

+ module.secret.aws_iam_policy.irsa_policy
+ module.secret.kubernetes_manifest.secret_store
+ module.secret.module.irsa.kubernetes_service_account.generated_sa
+ module.secret.module.irsa.module.iam_assumable_role.aws_iam_role.this[0]
+ module.secret.module.irsa.module.iam_assumable_role.aws_iam_role_policy_attachment.this["irsa"]
+ module.secret.module.irsa.random_id.id
+ module.secret.random_id.serviceaccount_id

Resources to update:

! kubernetes_secret.cla_backend_intermediary
! kubernetes_secret.cla_backend_snapshot_restore
! module.cla_backend_intermediary.aws_iam_policy.irsa[0]
! module.cla_backend_metabase_rds.aws_db_parameter_group.custom_parameters
! module.cla_backend_snapshot_restore.aws_iam_policy.irsa[0]
! pingdom_check.laa-cla-backend-pingdom

Resources to replace:

-+ module.cla_backend_intermediary.aws_db_instance.rds
-+ module.cla_backend_snapshot_restore.aws_db_instance.rds

@sablumiah

Sablu M (sablumiah) commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

This PR CANNOT be auto approved and requires manual approval from the Cloud Platform team.
Reason:
🕵️‍♂️ Manual review required: OPA auto approve policy checks did not pass.

Test Passed? Reason
allowlist This PR includes changes to modules / resources which are not on the allowlist, so we can't auto approve these changes. Please request a Cloud Platform team member's review in #ask-cloud-platform
ecr Valid ECR related terraform changes
hmpps-template Valid hmpps template related terraform changes
irsa Valid irsa related terraform changes
kubernetes_secret Valid K8s secret related terraform changes
rds Valid RDS module related terraform changes
secrets_manager Valid secrets manager related terraform changes
service_pod Valid Service pod related changes
sns Valid sns related terraform changes

Please raise it in #ask-cloud-platform Slack channel.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@said-moj @sablumiah