2
votes

What specific changes need to be made to the syntax of the example below in order for Terraform to successfully upload the named file into a secret in AWS Secrets Manager?

Note that an AWS EC2 instance running Amazon Linux 2 is also created by the same Terraform module and needs to retrieve this file from Secrets Manager. The same Amazon Linux 2 EC2 instance is already able to successfully retrieve a string secret from the same AWS Secrets Manager. Therefore, this problem is isolated to uploading a file instead of a short string.

If it is not possible to upload the file object, then a second best answer would show how to upload the textual contents of the file. Note that the file is an x509 certificate that will need to be used by a program running in an EC2 instance. The textual contents are the typical length of an x509 certificate, which is a relatively small amount of text.

CURRENT CODE:

# Local path of the x509 certificate to store (Windows path, hence the escaped backslashes)
variable "certFileAndPath" {
  default = "C:\\path\\to\\the\\x509\\certificate.crt"
}

# The secret container; recovery_window_in_days = 0 deletes it immediately on destroy
resource "aws_secretsmanager_secret" "example-cert" {
  name                    = "example-cert"
  recovery_window_in_days = 0
}

# The secret value: the file's bytes, base64-encoded as secret_binary requires
resource "aws_secretsmanager_secret_version" "cert-val" {
  secret_id     = aws_secretsmanager_secret.example-cert.id
  secret_binary = filebase64(var.certFileAndPath)
}

CURRENT RESULTS:

Currently, the Terraform code above results in None being echoed out by the cloud-init script that retrieves the secret. Also, the AWS web UI console for Secrets Manager does not show any content when a human user tries to read the contents of the secret, which indeed is created by the code above. And Terraform runs the code above without throwing an error.

The cloud-init bash userdata command that echoes out None in the resulting EC2 instance's /var/log/cloud-init-output.log is:

echo "example-cert is: \n"
echo $(aws secretsmanager get-secret-value --secret-id "example-cert" --version-stage AWSCURRENT --region "${var._region}" --output text --query SecretString)

1 Answer

1
votes

If you are using secret_binary, in the AWS CLI you should use SecretBinary:

aws secretsmanager get-secret-value --secret-id "example-cert" --version-stage AWSCURRENT --region "${var._region}" --output text --query SecretBinary
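The retrieval side of the answer, as an added example that is not code from the original question or answer. Secrets Manager returns a secret_binary value base64-encoded in the SecretBinary field, so the instance must decode it before the certificate is usable; querying SecretString on such a secret is what prints "None". The JSON response below is a constructed stand-in with a placeholder PEM body, not a real certificate, and fetch_cert_from_secret assumes the AWS CLI is installed and the instance role is allowed secretsmanager:GetSecretValue on the secret. (If the certificate were stored with secret_string = file(var.certFileAndPath) instead, the retrieval would query SecretString and skip the base64 step.)

```shell
#!/usr/bin/env bash
# Added example, not code from the original post. Retrieves a certificate that
# Terraform stored with secret_binary and writes it to disk for the program on
# the EC2 instance. Secrets Manager returns SecretBinary base64-encoded, so the
# value must be decoded; querying SecretString on such a secret prints "None".
set -eu

# Constructed stand-in for the JSON that
#   aws secretsmanager get-secret-value --secret-id example-cert --output json
# returns for a secret_binary secret. The PEM body is a placeholder, not a
# real certificate; ARN, VersionId and CreatedDate are omitted.
PLACEHOLDER_PEM='-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgLSBOT1QgQSBSRUFMIENFUlRJRklDQVRF
-----END CERTIFICATE-----'
SAMPLE_RESPONSE="{\"Name\": \"example-cert\", \"SecretBinary\": \"$(printf '%s\n' "$PLACEHOLDER_PEM" | base64 | tr -d '\n')\", \"VersionStages\": [\"AWSCURRENT\"]}"

# Pull the SecretBinary field (still base64) out of a get-secret-value JSON
# response without depending on jq being installed on the instance.
secret_binary_from_json() {
  printf '%s' "$1" | sed -n 's/.*"SecretBinary": *"\([^"]*\)".*/\1/p'
}

# Decode the base64 SecretBinary value read from stdin into the original bytes.
decode_secret_binary() {
  base64 -d
}

# Sanity check that the decoded bytes are a PEM certificate before handing
# them to the application (returns non-zero otherwise).
looks_like_pem_cert() {
  printf '%s\n' "$1" | grep -q '^-----BEGIN CERTIFICATE-----$' &&
  printf '%s\n' "$1" | grep -q '^-----END CERTIFICATE-----$'
}

# Live retrieval for the cloud-init script (assumes the AWS CLI and an instance
# role allowed secretsmanager:GetSecretValue on the secret). With
# `--query SecretBinary --output text` the CLI prints the base64 string, which
# is decoded and written with owner-only permissions. Not run by the self-test.
fetch_cert_from_secret() {
  secret_id="$1"; region="$2"; out="$3"
  (
    umask 077
    aws secretsmanager get-secret-value --secret-id "$secret_id" \
      --version-stage AWSCURRENT --region "$region" \
      --query SecretBinary --output text | base64 -d > "$out"
  )
  looks_like_pem_cert "$(cat "$out")"
}

# Self-test against the constructed response.
b64="$(secret_binary_from_json "$SAMPLE_RESPONSE")"
pem="$(printf '%s' "$b64" | decode_secret_binary)"
looks_like_pem_cert "$pem"
echo "decoded a PEM certificate from SecretBinary"
```

In user data, replace the `echo $(aws ...)` line with `fetch_cert_from_secret example-cert "${var._region}" /etc/pki/tls/certs/example-cert.crt` (destination path is an assumption) so the decoded certificate lands on disk with restricted permissions instead of being echoed into /var/log/cloud-init-output.log, which is world-readable on Amazon Linux 2 by default.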