architecture.puml

@startuml architecture

!include https://raw.githubusercontent.com/plantuml-stdlib/C4-PlantUML/master/C4_Container.puml

title "[Containers] AWS Lambda to rotate Access Credentials\nstored in AWS Secretsmanager"

footer "Dmitry Kisler <admin@dkisler.com> - %date('yyyy-MM-dd')"

System_Boundary(aws, "AWS Account") {

    Container(lambda, "Secret Rotation Function", "AWS Lambda", "Go application")

    System_Boundary(sm_container_admin, "AWS Secretsmanager") {
        Container(sm_admin, "Secret Admin", "AWS Secretsmanager", "Admin access credentials")
    }

    System_Boundary(sm_container, "AWS Secretsmanager") {
        Container(sm, "Secret User", "AWS Secretsmanager", "Secret to rotate")
        Container(schedule, "Rotation Scheduler", "AWS Secretsmanager", "Rotation trigger")
    }
}

Container_Ext(service, "System delegated credentials store", "SaaS")

Lay_U(lambda, sm_container)
Lay_L(lambda, sm_container_admin)
Lay_R(schedule, sm)

Rel(schedule, lambda, "Invokes the lambda", "HTTP/JSON")
Rel(lambda, sm, "Generates and sets new secret's version", "HTTP/JSON")
Rel(lambda, sm_admin, "Reads admin access credentials", "HTTP/JSON")
Rel_R(lambda, service, "Sets new credentials", "TCP")

SHOW_LEGEND()

@enduml