Terraform Level2 task 17 Access Secrets Manager with IAM Role Using Terraform

V.SIVAKUMAR.MCA · July 12, 2025, 9:52pm

Task17: Create a secret in AWS Secrets Manager named datacenter-app-secret with the following secret string: {"db_user":"admin","db_pass":"supersecret"}

My solution:
resource “aws_secretsmanager_secret_version” “datacenter-app-secret-version” {
secret_id = aws_secretsmanager_secret.datacenter-app-secret.id
secret_string = jsonencode({
“db_user” = “admin”
“db_pass” = “supersecret”
})
}

My verification:
bob@iac-server ~/terraform via default ➜ aws secretsmanager get-secret-value --secret-id datacenter-app-secret
{
“ARN”: “arn:aws:secretsmanager:us-east-1:000000000000:secret:datacenter-app-secret-HAEZVl”,
“Name”: “datacenter-app-secret”,
“VersionId”: “terraform-20250712213041210500000002”,
“SecretString”: “{"db_pass":"supersecret","db_user":"admin"}”,
“VersionStages”: [
“AWSCURRENT”
],
“CreatedDate”: 1752355841.0
}

But task verification failed with below message:
Secret content does not match expected value.

Can you please check and clarify whether secret_string should be created like “{"db_user":"admin","db_pass":"supersecret"}” instead of jsonencode() or something like sensitive input variables…

V.SIVAKUMAR.MCA · July 12, 2025, 10:16pm

This task verified successfully if secret_string is created without jsonencode().

Venkata_Pavan · August 14, 2025, 3:55pm

Hi Siva,

Kindly advise how did you go with role policy attachment

petya.bogdan · October 11, 2025, 10:35am

@Venkata_Pavan I was able to complete task with replacing iam_policy_attachment to inline policy like this, before that task validation failed -

resource “aws_iam_role_policy” “inline_policy” {
name = var.KKE_POLICY_NAME
role = aws_iam_role.test_role.id

policy = jsonencode({
Version = “2012-10-17”
Statement = [
{
Effect = “Allow”
Action = [“secretsmanager:GetSecretValue”]
Resource = aws_secretsmanager_secret.example.arn
}
]
})
}