Set recovery window to 0 on admin connection url secret when non-prod

Author: BSick7

aws/tf/connection_url.tf

@@ -1,6 +1,7 @@
 resource "aws_secretsmanager_secret" "db_admin_pg" {
-  name = "${var.name}/conn_url"
-  tags = var.tags
+  name                    = "${var.name}/conn_url"
+  tags                    = var.tags
+  recovery_window_in_days = var.is_prod_env ? 7 : 0
 }
 
 resource "aws_secretsmanager_secret_version" "db_admin_pg" {

aws/tf/variables.tf

@@ -35,6 +35,16 @@ variable "password" {
   type        = string
 }
 
+variable "is_prod_env" {
+  type        = bool
+  default     = true
+  description = <<EOF
+When destroying, is_prod_env determines the recovery window for the admin password secret.
+If true, a 7-day recovery window will be configured.
+If not, secret will be deleted immediately.
+EOF
+}
+
 variable "network" {
   description = <<EOF
 Network configuration.