fixup! fixup! Fix RDS Data API credential lookup

whi-tw · whi-tw · commit bcdb59f8c0b6 · 2025-10-06T17:06:14.000+01:00
diff --git a/infra/modules/rds/parameters.tf b/infra/modules/rds/parameters.tf
@@ -32,6 +32,7 @@ resource "aws_ssm_parameter" "database_password" {
 }
 
 resource "aws_secretsmanager_secret" "data_api_credentials" {
+  #checkov:skip=CKV_AWS_149:The secret is already using the default key, which is sufficient
   for_each = var.apps_list
 
   name        = "data-api/${var.env_name}/${each.key}/rds-credentials"
@@ -51,6 +52,7 @@ resource "aws_secretsmanager_secret_version" "data_api_credentials" {
 
 resource "aws_ssm_parameter" "database_url" {
   #checkov:skip=CKV_AWS_337:The parameter is already using the default key
+  #checkov:skip=CKV2_FORMS_AWS_7:Database URLs should update when passwords or endpoints change
   for_each = var.apps_list
 
   name        = "/${each.key}-${var.env_name}/database/url"
