
Discussion on: How to setup a basic VPC with EC2 and RDS using Terraform

Rolf Streefkerk

If you do not want to generate it with the random_string resource, you can just supply it in your environment configuration file (tfvars file), but of course the caveat here is that if you check this file into GitHub it's visible in plaintext, whereas the Terraform-generated state file can be stored in an encrypted S3 bucket.

The other option is to enable IAM role access, which is actually the safest way to set up authorization, over using an explicitly set password as I did. Check this article on how to do that:
aws.amazon.com/premiumsupport/know...

I hope that helps

Rolf Streefkerk

There's another option, using Secrets Manager. See this article for how that's done.
github.com/aws-samples/aws-serverl...

In terms of security, I'd rate it:
1) IAM
2) Secrets Manager
3) Terraform state storage on encrypted S3
4) Input at Terraform deployment
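
The options ranked in the comments above, sketched as one Terraform configuration. This is an added example, not part of the original comments or the article's code; the bucket, state key, region, secret name, database engine and instance settings are placeholder assumptions, and `random_password` is used here in place of the `random_string` resource the comment mentions.

```hcl
# Added illustration. All names, the region and the engine are placeholders.

# Encrypted S3 state storage: the generated password ends up in state,
# so the state object is stored with server-side encryption.
terraform {
  backend "s3" {
    bucket  = "example-terraform-state"   # placeholder
    key     = "vpc-rds/terraform.tfstate" # placeholder
    region  = "eu-west-1"                 # placeholder
    encrypt = true
  }
}

# Generated at apply time instead of being typed into a tfvars file,
# so no plaintext password lands in a committed file.
resource "random_password" "db" {
  length  = 32
  special = false
}

# Secrets Manager: applications read the credential from the secret
# rather than from Terraform variables or outputs.
resource "aws_secretsmanager_secret" "db" {
  name = "example/rds/master" # placeholder
}

resource "aws_secretsmanager_secret_version" "db" {
  secret_id     = aws_secretsmanager_secret.db.id
  secret_string = random_password.db.result
}

resource "aws_db_instance" "main" {
  identifier          = "example-db" # placeholder
  engine              = "mysql"      # assumption; the page does not name one here
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "dbadmin"
  password            = random_password.db.result
  skip_final_snapshot = true

  # IAM: clients authenticate with short-lived IAM tokens instead of
  # the master password set above.
  iam_database_authentication_enabled = true
}
```

Enabling IAM authentication on the instance is only half of that option: a database user mapped to IAM and an IAM policy granting `rds-db:connect` are still needed before clients can connect with tokens.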