diff --git a/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md b/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md
index 5a58d4ee4..e0cc2e8d0 100644
--- a/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md
+++ b/docs/reference/modules/terraform-aws-data-storage/redshift/redshift.md
@@ -56,6 +56,11 @@ workaround, you can re-run the destroy command once the workspace gets deleted c
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S REDSHIFT MODULE
+#
+# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
+# When using values other than defaults for these variables, set them through environment variables or
+# another secure method.
+#
# ------------------------------------------------------------------------------------------------------
module "redshift" {
@@ -224,11 +229,21 @@ module "redshift" {
# there may even be a downtime during maintenance windows.
maintenance_window = "sun:07:00-sun:08:00"
+ # Whether to automatically manage the cluster admin credentials with AWS
+ # SecretsManager. When true, AWS will auto-generate and rotate the master
+ # password. Conflicts with master_password. See
+ # https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html.
+ manage_master_password = null
+
# The password for the master user. If var.snapshot_identifier is non-empty,
- # this value is ignored. Required unless var.replicate_source_db is set.
- master_password = null
+ # this value is ignored. Conflicts with manage_master_password.
+ master_password = null # SENSITIVE
+
+ # KMS key ID for encrypting the managed master password secret. Only used when
+ # manage_master_password is true.
+ master_password_secret_kms_key_id = null
- # The username for the master user. Required unless var.replicate_source_db is
+ # The username for the master user. Required unless var.snapshot_identifier is
# set.
master_username = null
@@ -298,6 +313,11 @@ module "redshift" {
# ------------------------------------------------------------------------------------------------------
# DEPLOY GRUNTWORK'S REDSHIFT MODULE
+#
+# NOTE: This module uses some sensitive variables marked inline with "# SENSITIVE".
+# When using values other than defaults for these variables, set them through environment variables or
+# another secure method.
+#
# ------------------------------------------------------------------------------------------------------
terraform {
@@ -468,11 +488,21 @@ inputs = {
# there may even be a downtime during maintenance windows.
maintenance_window = "sun:07:00-sun:08:00"
+ # Whether to automatically manage the cluster admin credentials with AWS
+ # SecretsManager. When true, AWS will auto-generate and rotate the master
+ # password. Conflicts with master_password. See
+ # https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html.
+ manage_master_password = null
+
# The password for the master user. If var.snapshot_identifier is non-empty,
- # this value is ignored. Required unless var.replicate_source_db is set.
- master_password = null
+ # this value is ignored. Conflicts with manage_master_password.
+ master_password = null # SENSITIVE
- # The username for the master user. Required unless var.replicate_source_db is
+ # KMS key ID for encrypting the managed master password secret. Only used when
+ # manage_master_password is true.
+ master_password_secret_kms_key_id = null
+
+ # The username for the master user. Required unless var.snapshot_identifier is
# set.
master_username = null
@@ -628,7 +658,7 @@ A list of IPv6 CIDR-formatted IP address ranges that this DB can connect. Use th
-
+
Specifies whether any cluster modifications are applied immediately, or during the next maintenance window.
@@ -871,10 +901,28 @@ The weekly day and time range during which system maintenance can occur (e.g. we
+
+
+
+Whether to automatically manage the cluster admin credentials with AWS SecretsManager. When true, AWS will auto-generate and rotate the master password. Conflicts with master_password. See https://docs.aws.amazon.com/redshift/latest/mgmt/redshift-secrets-manager-integration.html.
+
+
+
+
+
-The password for the master user. If snapshot_identifier is non-empty, this value is ignored. Required unless replicate_source_db is set.
+The password for the master user. If snapshot_identifier is non-empty, this value is ignored. Conflicts with manage_master_password.
+
+
+
+
+
+
+
+
+KMS key ID for encrypting the managed master password secret. Only used when manage_master_password is true.
@@ -883,7 +931,7 @@ The password for the master user. If snapsh
-The username for the master user. Required unless replicate_source_db is set.
+The username for the master user. Required unless snapshot_identifier is set.
@@ -1061,6 +1109,14 @@ The Redshift Cluster ID
+
+
+
+ARN of the auto-generated Secrets Manager secret containing admin credentials. Only populated when manage_master_password is true.
+
+
+
+
@@ -1104,6 +1160,6 @@ The ID of the Security Group that controls access to the cluster
"https://github.com/gruntwork-io/terraform-aws-data-storage/tree/v0.46.1/modules/redshift/outputs.tf"
],
"sourcePlugin": "module-catalog-api",
- "hash": "e1f14be18ac31a63293d2b10da5bbef5"
+ "hash": "5f022bb029154c8cb7cd1d3f22dc933c"
}
##DOCS-SOURCER-END -->