Create AWS SSM Parameter Store parameters with a Terraform module. The creation/deletion (schema) is managed with Terraform, and the values should be maintained via AWS Console.

unfor19/terraform-aws-ssm-parameters

terraform-aws-ssm-parameters

To manage AWS SSM Parameter values programmatically, use unfor19/parzival - "A CLI that can get/set more than 10 SSM Parameters by path in a single command."

Usage

module "app_params" {
    source  = "unfor19/ssm-parameters/aws"
    version = "0.0.2"

    prefix = "/myapp/dev/"

    string_parameters = [
        "LOG_LEVEL",
    ]
    securestring_parameters = [
        "GOOGLE_CLIENT_ID",
        "GOOGLE_CLIENT_SECRET"
    ]
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.12.31 |
| aws | >= 3.38 |

Providers

| Name | Version |
|------|---------|
| aws | >= 3.38 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| key_id | When using SecureString, use a specific KMS key | string | "alias/aws/ssm" | no |
| overwrite | DANGEROUS Overwrites parameter if exists, use carefully | bool | false | no |
| prefix | Set a prefix to all variables, for example: /myapp/dev/ | string | "" | no |
| securestring_initial_value | Initial value for SecureString(s) | string | "empty" | no |
| securestring_parameters | List of SecureString(s) | list(string) | [] | no |
| securestring_tier | Valid values: Standard, Advanced and Intelligent-Tiering | string | "Standard" | no |
| string_initial_value | Initial value for String(s) | string | "empty" | no |
| string_parameters | List of String(s) | list(string) | [] | no |
| string_tier | Valid values: Standard, Advanced and Intelligent-Tiering | string | "Standard" | no |
| stringlist_initial_value | Initial value for StringList(s) | string | "empty" | no |
| stringlist_parameters | List of StringList(s) | list(string) | [] | no |
| stringlist_tier | Valid values: Standard, Advanced and Intelligent-Tiering | string | "Standard" | no |

Outputs

| Name | Description |
|------|-------------|
| securestring_arns | List of SecureString ARNs |
| securestring_names | List of SecureString names |
| string_arns | List of String ARNs |
| string_names | List of String names |
| stringlist_arns | List of StringList ARNs |
| stringlist_names | List of StringList names |

Troubleshooting

  • ParameterAlreadyExists - to overcome this error, you'll have to pass the variable overwrite = true. This also means that the current values will be overwritten with the dummy initial value empty. This is very dangerous and should be used with caution.

    Error: error updating SSM parameter (/myapp/dev/GOOGLE_CLIENT_ID): ParameterAlreadyExists: Parameter /myapp/dev/GOOGLE_CLIENT_ID already exists.
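
A pre-flight audit for the overwrite = true case described above, as an added example that is not part of this module or its repository. It assumes you have already fetched the parameters under the prefix (for example with `aws ssm get-parameters-by-path --with-decryption`, following NextToken until exhausted); the function name, report keys and sample response are constructed for illustration.

```python
PLACEHOLDER = "empty"  # default of the *_initial_value inputs listed under Inputs

# Constructed sample, shaped like a GetParametersByPath response for /myapp/dev/.
SAMPLE_RESPONSE = {
    "Parameters": [
        {"Name": "/myapp/dev/LOG_LEVEL", "Type": "String", "Value": "debug"},
        {"Name": "/myapp/dev/GOOGLE_CLIENT_ID", "Type": "SecureString", "Value": "empty"},
        {"Name": "/myapp/dev/LEGACY_FLAG", "Type": "String", "Value": "on"},
    ]
}


def audit_parameters(response, declared_names, prefix, placeholder=PLACEHOLDER):
    """Classify declared parameters by what applying with overwrite = true would do.

    Only parameter names are reported, never values, so the report is safe to log.
    """
    existing = {p["Name"]: p for p in response.get("Parameters", [])}
    report = {"would_be_reset": [], "still_placeholder": [], "missing": []}
    for name in declared_names:
        full_name = prefix + name
        param = existing.pop(full_name, None)
        if param is None:
            # Not created yet: a plain apply creates it, no overwrite needed.
            report["missing"].append(full_name)
        elif param["Value"] == placeholder:
            # Exists but was never populated: overwriting loses nothing.
            report["still_placeholder"].append(full_name)
        else:
            # Holds a real value that overwrite = true would replace with "empty".
            report["would_be_reset"].append(full_name)
    # Whatever is left lives under the prefix but is not declared in Terraform.
    report["unmanaged"] = sorted(existing)
    return report


if __name__ == "__main__":
    declared = ["LOG_LEVEL", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"]
    for category, names in audit_parameters(SAMPLE_RESPONSE, declared, "/myapp/dev/").items():
        print(f"{category}: {names}")
```

Back up or re-enter every name listed under would_be_reset before applying with overwrite = true; a non-empty still_placeholder list after rollout means a parameter was created but never given a real value.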
    

Local Development

For local development, we'll use the following services

Requirements

Development Process

Run tfcoding and localstack locally with docker-compose

make up-localstack-aws

Make changes in examples/basic/tfcoding.tf and save the file

Check the logs of the tfcoding Docker container

# ... omitted for brevity
tfcoding-aws    | Outputs:
tfcoding-aws    | 
tfcoding-aws    | securestring_arns = [
tfcoding-aws    |   "arn:aws:ssm:us-east-1:000000000000:parameter/myapp/dev/GOOGLE_CLIENT_ID",
tfcoding-aws    |   "arn:aws:ssm:us-east-1:000000000000:parameter/myapp/dev/GOOGLE_CLIENT_SECRET",
tfcoding-aws    | ]
tfcoding-aws    | securestring_names = [
tfcoding-aws    |   "/myapp/dev/GOOGLE_CLIENT_ID",
tfcoding-aws    |   "/myapp/dev/GOOGLE_CLIENT_SECRET",
tfcoding-aws    | ]
tfcoding-aws    | string_arns = [
tfcoding-aws    |   "arn:aws:ssm:us-east-1:000000000000:parameter/myapp/dev/LOG_LEVEL",
tfcoding-aws    | ]
tfcoding-aws    | string_names = [
tfcoding-aws    |   "/myapp/dev/LOG_LEVEL",
tfcoding-aws    | ]
tfcoding-aws    | stringlist_arns = []
tfcoding-aws    | stringlist_names = []

Test Suite

Execute the script scripts/tests.sh

make test

Examine the output

... # omitted for brevity
Outputs:

securestring_arns = [
  "arn:aws:ssm:us-east-1:000000000000:parameter/myapp/dev/GOOGLE_CLIENT_ID",
  "arn:aws:ssm:us-east-1:000000000000:parameter/myapp/dev/GOOGLE_CLIENT_SECRET",
]
securestring_names = [
  "/myapp/dev/GOOGLE_CLIENT_ID",
  "/myapp/dev/GOOGLE_CLIENT_SECRET",
]
string_arns = [
  "arn:aws:ssm:us-east-1:000000000000:parameter/myapp/dev/LOG_LEVEL",
]
string_names = [
  "/myapp/dev/LOG_LEVEL",
]
stringlist_arns = []
stringlist_names = []

\e[92m[SUCCESS]\e[0m Test passed as expected

NOTE: the \e[92m ... \e[0m sequences colorize the text in the logs of CI/CD services such as GitHub Actions

Contributing

Report issues/questions/feature requests on the Issues section.

Pull requests are welcome! These are the steps:

  1. Fork this repo
  2. Create your feature branch from master (git checkout -b my-new-feature)
  3. Add the code of your new feature; expand the above Local Development section to learn how
  4. Run tests on your code, feel free to add more tests
    make test
    ... # All good? Move on to the next step
  5. Commit your remarkable changes (git commit -am 'Added new feature')
  6. Push to the branch (git push --set-upstream origin my-new-feature)
  7. Create a new Pull Request and provide details about your changes

Authors

Created and maintained by Meir Gabay

License

This project is licensed under the MIT License - see the LICENSE file for details
