Terraform does not have built-in functionality for automatically adding taints to resources based on a TTL (Time To Live).
But yes, you can use the lifecycle block to force the recreation of aws_iam_access_key resources based on an external data source (JSON format) providing the desired Time-to-Live (TTL), as below:

Create a data source that returns the desired TTL or expiration duration for access keys (access_key_ttl.json):

    {
      "ttl_days": 30
    }
Now, in your Terraform configuration, you can define a data source to read this JSON file:

    data "http" "access_key_ttl" {
      url = "https://example.com/access_key_ttl.json"
    }
With the data source in place, you can use the replace_triggered_by meta-argument in the lifecycle block to automatically recreate aws_iam_access_key resources:

https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#replace_triggered_by
    # replace_triggered_by only accepts references to managed resources, not
    # data sources, so the fetched TTL document is mirrored into a terraform_data
    # resource (Terraform >= 1.4) that is replaced whenever the JSON changes.
    # response_body is the attribute name in hashicorp/http 3.x; 2.x called it body.
    resource "terraform_data" "access_key_ttl" {
      triggers_replace = data.http.access_key_ttl.response_body
    }

    resource "aws_iam_access_key" "example" {
      user = aws_iam_user.example.name

      lifecycle {
        # Create the new key before destroying the old one so the user keeps a
        # working credential during rotation.
        create_before_destroy = true
        ignore_changes = [
          id,
          status,
          create_date,
        ]
        # Replace the key whenever the mirrored TTL document changes.
        replace_triggered_by = [
          terraform_data.access_key_ttl,
        ]
      }
    }
But again, you need to set up a cron job which can periodically update the TTL data source (e.g., the access_key_ttl.json file) with a new value.

When the TTL value changes, Terraform will detect the change and recreate the aws_iam_access_key resource based on the replace_triggered_by meta-argument.
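The cron side of this setup, as an added example that is not part of the original answer: a POSIX sh script that rewrites access_key_ttl.json with a generation counter that increments exactly once per TTL period, so a terraform apply run on any schedule only replaces the key when a full period has elapsed (the file path, the generation field name and the cron line are assumptions).

```shell
#!/bin/sh
# Cron helper (added example, not from the original answer): publishes the TTL
# JSON read by the http data source. The "generation" field changes once per
# ttl_days, so the key is replaced on the TTL boundary, not on every cron run.
set -eu

# rotation_generation TTL_DAYS NOW_EPOCH -> number of whole TTL periods elapsed
# since the Unix epoch (integer arithmetic; rejects a zero or negative TTL).
rotation_generation() {
  ttl_days=$1
  now_epoch=$2
  [ "$ttl_days" -gt 0 ] || { echo "ttl_days must be > 0" >&2; return 2; }
  printf '%s\n' $(( now_epoch / (ttl_days * 86400) ))
}

# render_ttl_json TTL_DAYS NOW_EPOCH -> the JSON document to publish. Keeps the
# original ttl_days field and adds the changing generation field.
render_ttl_json() {
  gen=$(rotation_generation "$1" "$2")
  printf '{"ttl_days": %s, "generation": %s}\n' "$1" "$gen"
}

# write_ttl_json PATH TTL_DAYS [NOW_EPOCH] -> writes the file via rename so a
# concurrent terraform run never reads a half-written document. Returns 0 when
# the content changed and 1 when it was already current.
write_ttl_json() {
  path=$1
  ttl_days=$2
  now_epoch=${3:-$(date +%s)}
  new=$(render_ttl_json "$ttl_days" "$now_epoch")
  if [ -f "$path" ] && [ "$(cat "$path")" = "$new" ]; then
    return 1
  fi
  printf '%s\n' "$new" > "$path.tmp"
  mv "$path.tmp" "$path"
  return 0
}

# Entry point for cron: update_ttl.sh PATH TTL_DAYS. The non-zero exit on "no
# change" lets the cron line chain the apply, e.g. (assumed paths):
#   0 * * * * /opt/ttl/update_ttl.sh /srv/www/access_key_ttl.json 30 \
#       && cd /srv/tf && terraform apply -auto-approve
if [ $# -eq 2 ]; then
  write_ttl_json "$1" "$2"
fi
```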