Terraform | Secrets Manager | Reuse of existing secrets without deleting

Question

I am creating Secrets in AWS using Terraform code. My Jenkins pipeline will create the infrastructure every 2 hours and destroys it. Once Infrastructure re-creates after 2 hours, it happened that, AWS Secrets is not allowing me to re-create again and throwing me with below error. Please suggest.

Error: error creating Secrets Manager Secret: InvalidRequestException: You can't create this secret because a secret with this name is already scheduled for deletion.
    status code: 400, request id: e4f8cc85-29a4-46ff-911d-c5115716adc5

TF code:-

resource "aws_secretsmanager_secret" "secret" {
  description         = "${var.environment}"
  kms_key_id          = "${data.aws_kms_key.sm.arn}"
  name                = "${var.environment}-airflow-secret"
}
resource "random_string" "rds_password" {
  length = 16
  special = true
}


resource "aws_secretsmanager_secret_version" "secret" {
  secret_id     = "${aws_secretsmanager_secret.secret.id}"
  secret_string = <<EOF
{
  "rds_password": "${random_string.rds_password.result}"
  }
EOF
}

TF code plan output:-

  # module.aws_af_aws_secretsmanager_secret.secret will be created
  + resource "aws_secretsmanager_secret" "secret" {
      + arn                     = (known after apply)
      + description             = "dev-airflow-secret"
      + id                      = (known after apply)
      + kms_key_id              = "arn:aws:kms:eu-central-1"
      + name                    = "dev-airflow-secret"
      + name_prefix             = (known after apply)
      + recovery_window_in_days = 30
      + rotation_enabled        = (known after apply)
    }

  # module.aws_af.aws_secretsmanager_secret_version.secret will be created
  + resource "aws_secretsmanager_secret_version" "secret" {
      + arn            = (known after apply)
      + id             = (known after apply)
      + secret_id      = (known after apply)
      + secret_string  = (sensitive value)
      + version_id     = (known after apply)
      + version_stages = (known after apply)
    }

Answer 1

You need to set the recovery window to 0 for immediate deletion of secrets.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/secretsmanager_secret#recovery_window_in_days

recovery_window_in_days - (Optional) Specifies the number of days that AWS Secrets Manager waits before it can delete the secret. This value can be 0 to force deletion without recovery or range from 7 to 30 days. The default value is 30.