feat: Add ability to create secret for use with custom idp

BorisLabs · Dec 4, 2024 · 738e005 · 738e005
1 parent a240c20
commit 738e005
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 10 deletions.
diff --git a/modules/transfer-user/main.tf b/modules/transfer-user/main.tf
@@ -28,7 +28,7 @@ resource "aws_transfer_user" "this" {
 
 resource "aws_transfer_ssh_key" "ssh_key" {
   count     = var.add_transfer_ssh_keys ? length(local.all_key_bodies) : 0
-  body      = element(concat(local.all_key_bodies, [""]), count.index)
+  body = element(concat(local.all_key_bodies, [""]), count.index)
   server_id = var.transfer_server_id
   user_name = aws_transfer_user.this[0].user_name
 }
@@ -47,3 +47,12 @@ resource "aws_iam_role_policy" "inline_policy" {
   role   = aws_iam_role.this[0].id
 }
 
+resource "aws_secretsmanager_secret" "this" {
+  count       = var.create_secret ? 1 : 0
+  kms_key_id  = var.secret_kms_key_id
+  name        = "SFTP/${var.user_name}"
+  description = "Secret for ${var.user_name} to access FTPS server"
+  policy      = var.secret_policy_statements
+  tags = merge(var.tags, { Name = "${var.user_name}-secret", Role = "Secret for SFTP user" })
+}
+
diff --git a/modules/transfer-user/variables.tf b/modules/transfer-user/variables.tf
@@ -1,6 +1,6 @@
 variable "transfer_server_id" {
   description = "ID of the AWs Transfer Server"
-  default = ""
+  default     = ""
 }
 
 variable "user_name" {
@@ -24,8 +24,8 @@ variable "iam_role_arn" {
 
 variable "tags" {
   description = "Tags to attach to transfer user"
-  default     = {}
-  type        = map(string)
+  default = {}
+  type = map(string)
 }
 
 variable "home_directory" {
@@ -40,8 +40,8 @@ variable "add_transfer_ssh_keys" {
 
 variable "transfer_ssh_key_bodys" {
   description = "Public key part of SSH Key for Transfer user being created."
-  default     = []
-  type        = list(string)
+  default = []
+  type = list(string)
 }
 
 variable "use_ssm" {
@@ -51,14 +51,14 @@ variable "use_ssm" {
 
 variable "transfer_ssh_key_ssm_paths" {
   description = "List of SSM Parameter store paths to retrieve public key from."
-  type        = list(string)
-  default     = ["/transfer/users/user"]
+  type = list(string)
+  default = ["/transfer/users/user"]
 }
 
 variable "home_directory_mappings" {
   description = "Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible"
-  default     = []
-  type        = list(map(string))
+  default = []
+  type = list(map(string))
 }
 
 variable "home_directory_type" {
@@ -70,4 +70,22 @@ variable "home_directory_type" {
 variable "create_transfer_user" {
   description = "Create an transfer user"
   default     = true
+}
+
+variable "create_secret" {
+  description = "Create a secret for the transfer user"
+  default     = false
+  type        = bool
+}
+
+variable "secret_kms_key_id" {
+  description = "KMS key id for the secret"
+  default     = ""
+  type        = string
+}
+
+variable "secret_policy_statements" {
+  description = "JSON of Secret policy statements"
+  default     = ""
+  type        = string
 }