Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/tomarv2/terraform-aws-parameterstore

Terraform module for AWS SSM ParameterStore
https://github.com/tomarv2/terraform-aws-parameterstore

aws aws-parameter-store terraform terraform-module

Last synced: 10 months ago
JSON representation

Terraform module for AWS SSM ParameterStore

Awesome Lists containing this project

README 

          


    

        

    

        

    

        

    

        

    

        

    

        




## Terraform module for [AWS Parameterstore](https://registry.terraform.io/modules/tomarv2/parameterstore/aws/latest)



### Versions



- Module tested for Terraform 1.0.1.

- AWS provider version [3.74](https://registry.terraform.io/providers/hashicorp/aws/latest)

- `main` branch: Provider versions not pinned to keep up with Terraform releases

- `tags` releases: Tags are pinned with versions (use 

         in your releases)



### Usage



#### Option 1:



```

terrafrom init

terraform plan -var='teamid=tryme' -var='prjid=project1'

terraform apply -var='teamid=tryme' -var='prjid=project1'

terraform destroy -var='teamid=tryme' -var='prjid=project1'

```

**Note:** With this option please take care of remote state storage



#### Option 2:



##### Recommended method (stores remote state in remote backend(S3,  Azure storage, or Google bucket) using `prjid` and `teamid` to create directory structure):



- Create python 3.8+ virtual environment

```

python3 -m venv 

```



- Install package:

```

pip install tfremote --upgrade

```



- Set below environment variables:

```

export TF_AWS_BUCKET=

export TF_AWS_BUCKET_REGION=us-west-2

export TF_AWS_PROFILE=

```



or



- Set below environment variables:

```

export TF_AWS_BUCKET=

export TF_AWS_BUCKET_REGION=us-west-2

export AWS_ACCESS_KEY_ID=

export AWS_SECRET_ACCESS_KEY=

```



- Updated `examples` directory with required values.



- Run and verify the output before deploying:

```

tf -c=aws plan -var='teamid=foo' -var='prjid=bar'

```



- Run below to deploy:

```

tf -c=aws apply -var='teamid=foo' -var='prjid=bar'

```



- Run below to destroy:

```

tf -c=aws destroy -var='teamid=foo' -var='prjid=bar'

```



**Note:** Read more on [tfremote](https://github.com/tomarv2/tfremote)

##### SSM Parameterstore (String and SecuredString)

```

module "ssm_parameter" {

  source = "../"



  parameter_write = [

    {

      name        = "/security/demo"

      value       = "WORLD"

      type        = "String"

      overwrite   = "true"

      description = "hello world string"

    },

    {

      name        = "/security/demo-secured"

      value       = "helloworld"

      type        = "SecureString"

      overwrite   = "true"

      description = "hello world secured string"

    }

  ]

  kms_alias = "alias/aws/ssm"

  #-----------------------------------------------

  # Note: Do not change teamid and prjid once set.

  teamid = var.teamid

  prjid  = var.prjid

}

```



Please refer to examples directory [link](examples) for references.



## Requirements



| Name | Version |

|------|---------|

|  [terraform](#requirement\_terraform) | >= 1.0.1 |

|  [aws](#requirement\_aws) | ~> 3.74 |



## Providers



| Name | Version |

|------|---------|

|  [aws](#provider\_aws) | ~> 3.74 |



## Modules



No modules.



## Resources



| Name | Type |

|------|------|

| [aws_ssm_parameter.default](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |

| [aws_ssm_parameter.ignore_value_changes](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |



## Inputs



| Name | Description | Type | Default | Required |

|------|-------------|------|---------|:--------:|

|  [allowed\_pattern](#input\_allowed\_pattern) | A regular expression used to validate the parameter value. | `string` | `""` | no |

|  [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no |

|  [ignore\_value\_changes](#input\_ignore\_value\_changes) | Whether to ignore future external changes in paramater values | `map` | `{}` | no |

|  [kms\_alias](#input\_kms\_alias) | The ARN of a KMS key used to encrypt and decrypt SecretString values | `string` | `"aws/ssm"` | no |

|  [kms\_arn](#input\_kms\_arn) | The ARN of a KMS key used to encrypt and decrypt SecretString values | `string` | `""` | no |

|  [parameter\_write](#input\_parameter\_write) | List of maps with the parameter values to write to SSM Parameter Store | `list(map(string))` | `[]` | no |

|  [parameter\_write\_defaults](#input\_parameter\_write\_defaults) | Parameter write default settings | `map(any)` | 
{
  "allowed_pattern": null,
  "data_type": "text",
  "description": null,
  "overwrite": "false",
  "tier": "Standard",
  "type": "String"
}
 | no |

|  [parameter\_write\_ignore\_values](#input\_parameter\_write\_ignore\_values) | Feature flag, true or false | `list(map(string))` | `[]` | no |

|  [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes |

|  [split\_delimiter](#input\_split\_delimiter) | A delimiter for splitting and joining lists together for normalising the output | `string` | `"~^~"` | no |

|  [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes |



## Outputs



| Name | Description |

|------|-------------|

|  [arn\_map](#output\_arn\_map) | A map of the names and ARNs created |

|  [map](#output\_map) | A map of the names and values created |

|  [names](#output\_names) | A list of all of the parameter names |

|  [values](#output\_values) | A list of all of the parameter values |