Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mark aws_kinesis_firehose_delivery_stream access_key as sensitive #16681

Closed
kyeah opened this issue Dec 9, 2020 · 2 comments · Fixed by #16684
Closed

Mark aws_kinesis_firehose_delivery_stream access_key as sensitive #16681

kyeah opened this issue Dec 9, 2020 · 2 comments · Fixed by #16684
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/firehose Issues and PRs that pertain to the firehose service.
Milestone
v3.22.0

Comments

@kyeah
Copy link
Contributor

kyeah commented Dec 9, 2020
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Hi there! We've been using the new http_endpoint_configuration for the aws_kinesis_firehose_delivery_stream and appreciate the addition.

However, we notice that the access_key is not marked as sensitive. For integrations like New Relic, this means that the New Relic API key is printed in plain text within plan outputs. Ideally this would be marked as sensitive.

New or Affected Resource(s)

  • aws_kinesis_firehose_delivery_stream

Potential Terraform Configuration

resource "aws_kinesis_firehose_delivery_stream" "aws_waf" {
  name        = "aws-waf-logs-firewall-to-newrelic"
  destination = "http_endpoint"

  s3_configuration {
    role_arn           = aws_iam_role.kinesis_aws_waf_role.arn
    bucket_arn         = aws_s3_bucket.kinesis_dead_letter_drop.arn
    buffer_size        = 10
    buffer_interval    = 400
    compression_format = "GZIP"
  }

  http_endpoint_configuration {
    url                = "https://aws-api.newrelic.com/firehose/v1"
    name               = "New Relic"
    access_key         = data.aws_ssm_parameter.newrelic-api-key.value
    buffering_size     = 15
    buffering_interval = 600
    role_arn           = aws_iam_role.kinesis_aws_waf_role.arn
    s3_backup_mode     = "FailedDataOnly"

    request_configuration {
      content_encoding = "GZIP"
    }
  }
}

References
@kyeah kyeah added the enhancement Requests to existing resources that expand the functionality or scope. label Dec 9, 2020
@ghost ghost added the service/firehose Issues and PRs that pertain to the firehose service. label Dec 9, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Dec 9, 2020
@kyeah kyeah mentioned this issue Dec 10, 2020
Merged
@bill-rich bill-rich removed the needs-triage Waiting for first response or review from a maintainer. label Dec 14, 2020
@anGie44 anGie44 added this to the v3.22.0 milestone Dec 18, 2020
@ghost
Copy link

ghost commented Dec 18, 2020

This has been released in version 3.22.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@ghost
Copy link

ghost commented Jan 17, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Jan 17, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. service/firehose Issues and PRs that pertain to the firehose service.
Projects
None yet
Milestone
v3.22.0
Development

Successfully merging a pull request may close this issue.

Mark Kinesis Firehose Stream access_key as sensitive kyeah/terraform-provider-aws
3 participants
@kyeah @bill-rich @anGie44