Automating Kubernetes secrets creation using AWS SSM and Terraform
AWS EKS: Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS and on-premises.
AWS Parameter Store: Parameter Store is an AWS service that stores strings. It can store secret and non-secret data alike. Secrets stored in Parameter Store are secure strings, encrypted with a customer-specific AWS KMS key.
Terraform: Terraform is an open-source infrastructure as code software tool that enables you to safely and predictably create, change, and improve infrastructure.
Automation steps:
1. Create a secret in AWS Parameter Store from the AWS console.
   Alternatively, create the secret with Terraform's random_password resource and store it in an SSM parameter. Then create a Terraform data source for the parameter.
2. In the Terraform provider.tf file, add an entry for the Kubernetes provider and set the EKS context in config_context.
3. Create the secret using the kubernetes_secret resource provided by the Terraform Kubernetes provider, and reference the data source created in step 1.
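The three steps above as one Terraform configuration, added here as an illustration and not taken from the original post. The parameter path, kubeconfig context, secret name and namespace are assumed placeholders, and the AWS provider is assumed to be configured elsewhere.

```hcl
# Step 1 (Terraform variant): generate the value and store it as a SecureString.
resource "random_password" "db" {
  length  = 32
  special = false
}

resource "aws_ssm_parameter" "db_password" {
  name  = "/example/app/db_password" # assumed parameter path
  type  = "SecureString"             # encrypted with KMS; set key_id to use a specific key
  value = random_password.db.result
}

# Step 1 (data source): read the parameter back. If the parameter was created
# in the console instead, drop the two resources above and set name to its path.
data "aws_ssm_parameter" "db_password" {
  name            = aws_ssm_parameter.db_password.name
  with_decryption = true
}

# Step 2 (provider.tf): point the Kubernetes provider at the EKS context.
provider "kubernetes" {
  config_path    = "~/.kube/config"
  config_context = "example-eks-context" # assumed kubeconfig context name
}

# Step 3: create the Kubernetes secret from the SSM value.
resource "kubernetes_secret" "db" {
  metadata {
    name      = "db-credentials" # assumed secret name
    namespace = "default"        # assumed namespace
  }

  type = "Opaque"

  # The provider base64-encodes the values itself, so pass the plain string.
  data = {
    password = data.aws_ssm_parameter.db_password.value
  }
}
```

With this layout the decrypted value is written to the Terraform state file in plaintext (the random_password result, the SSM parameter value and the secret data), so the state backend needs encryption at rest and tightly restricted read access.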
That’s it. In 3 easy steps, one can automate the process of creating K8s secrets.