Integrating AWS Secrets Manager with Vercel Using Terraform

Introduction

This guide provides step-by-step instructions on how to integrate AWS Secrets Manager with Vercel using Terraform. Terraform, an infrastructure as code tool, enables developers to define and provision infrastructure using configuration files. You will leverage Terraform to manage both AWS and Vercel resources, ensuring a seamless integration for managing secrets and deploying applications.

See the Integrating Terraform with Vercel guide for more detail on how to integrate terraform with Vercel.

Prerequisites

• Basic understanding of Terraform, AWS, and Vercel
• Terraform installed on your machine
• AWS CLI installed and configured with necessary permissions
• Vercel account and CLI installed

Step 1: Setting up your Terraform configuration

Start by creating a Terraform configuration file, main.tf. This file will define the required providers and resources.

Providers setup

1. Define the AWS and Vercel providers: Specify the version and source for both AWS and Vercel providers.

terraform {
  required_providers {
    vercel = {
      source = "vercel/vercel"
      version = "~> 0.3"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

2. Configure the providers: Set your Vercel team and AWS region.

provider "vercel" {
  team = ""  // Replace with your team ID
}

provider "aws" {
  region = "us-west-2"  // Replace with your preferred region
}

AWS Secrets Manager resource

1. Create a secret in AWS Secrets Manager: Define a resource for creating a secret. Note that you'll manually set the secret value in the AWS console after you create the resource. You will need to complete that before you are able to subsequently pull the value.

resource "aws_secretsmanager_secret" "example" {
  name = "example"
}

2. Retrieve the secret value: Use a data source to get the latest version of the secret after setting it manually in AWS.

data "aws_secretsmanager_secret_version" "example" {
  secret_id = aws_secretsmanager_secret.example.id
}

Step 2: Setting up Vercel project with Terraform

Vercel project resource

1. Create a Vercel project: Define a Vercel project resource. This example uses a Next.js project.

resource "vercel_project" "example" {
  name      = "example-project"  // Replace with your project name
  framework = "nextjs"
}

2. Add environment variable from AWS Secrets Manager: Define a Vercel project environment variable resource. It uses the secret string from AWS Secrets Manager.

resource "vercel_project_environment_variable" "example" {
  project_id = vercel_project.example.id
  key        = "foo"  // Replace with your desired env var name
  value      = data.aws_secretsmanager_secret_version.example.secret_string
  target     = ["production"]
}

Step 3: Deploying your configuration

1. Initialize Terraform: Run terraform init in your terminal within the directory containing your main.tf file. This will initialize Terraform and download the necessary provider plugins.
2. Apply configuration: Run terraform apply to create the resources defined in your configuration. Confirm the action when prompted.

Conclusion

You have now successfully integrated AWS Secrets Manager with your Vercel project using Terraform. This setup allows you to securely manage environment variables and integrate them into your Vercel deployments.