Add ssm-parameter-store-parameter-set module (#16)
Showing
11 changed files
with
455 additions
and
0 deletions.
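--- a/examples/ssm-parameter-store-parameter-set-string-ami/main.tf
+++ b/examples/ssm-parameter-store-parameter-set-string-ami/main.tf
@@ -0,0 +1,84 @@
+provider "aws" {
+region = "us-east-1"
+}
+
+data "aws_ami" "ubuntu_bionic" {
+most_recent = true
+owners = ["099720109477"]
+
+filter {
+name = "name"
+values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
+}
+
+filter {
+name = "virtualization-type"
+values = ["hvm"]
+}
+}
+
+data "aws_ami" "ubuntu_focal" {
+most_recent = true
+owners = ["099720109477"]
+
+filter {
+name = "name"
+values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+}
+
+filter {
+name = "virtualization-type"
+values = ["hvm"]
+}
+}
+
+data "aws_ami" "ubuntu_jammy" {
+most_recent = true
+owners = ["099720109477"]
+
+filter {
+name = "name"
+values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+}
+
+filter {
+name = "virtualization-type"
+values = ["hvm"]
+}
+}
+
+
+###################################################
+# Parameter on SSM Parameter Store
+###################################################
+
+module "ami" {
+source = "../../modules/ssm-parameter-store-parameter-set"
+# source = "tedilabs/secret/aws//modules/ssm-parameter-store-parameter-set"
+# version = "~> 0.3.0"
+
+path = "/ami/ubuntu"
+parameters = [
+{
+name = "/18.04"
+value = data.aws_ami.ubuntu_bionic.image_id
+},
+{
+name = "/20.04"
+value = data.aws_ami.ubuntu_focal.image_id
+},
+{
+name = "/22.04"
+value = data.aws_ami.ubuntu_jammy.image_id
+},
+]
+
+## Default values
+tier = "STANDARD"
+type = "STRING"
+data_type = "aws:ec2:image"
+
+tags = {
+"project" = "terraform-aws-secret-examples"
+}
+}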
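Review bot: The three `data "aws_ami"` lookups at the top of the hunk use `most_recent = true`, so the value written to each parameter is resolved at plan time and moves whenever the publisher releases a newer image; because the module sets `overwrite = true` on `aws_ssm_parameter.this`, a routine re-apply rewrites the stored AMI id with no change to this configuration. A comment above the first lookup would make that expected drift explicit for readers copying the example, e.g. `# most_recent resolves at plan time: re-applying updates the stored AMI id whenever a newer image is published`. The `owners` filter pinned to a single publisher account is the right guard against look-alike public images that match the name pattern and is worth calling out as intentional in the same comment.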
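--- a/examples/ssm-parameter-store-parameter-set-string-ami/outputs.tf
+++ b/examples/ssm-parameter-store-parameter-set-string-ami/outputs.tf
@@ -0,0 +1,3 @@
+output "ami" {
+value = module.ami
+}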
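--- a/examples/ssm-parameter-store-parameter-set-string-ami/versions.tf
+++ b/examples/ssm-parameter-store-parameter-set-string-ami/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+required_version = "~> 1.2"
+
+required_providers {
+aws = {
+source = "hashicorp/aws"
+version = "~> 4.0"
+}
+}
+}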
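Review bot: The example's `version = "~> 4.0"` on the aws provider admits releases older than the `>= 4.22` that the module README in this commit declares as the module's requirement, so the example only resolves to a working provider because Terraform intersects it with the module's own constraint (presumably in the module's versions.tf, which is not in this commit's visible hunks). Pinning `version = "~> 4.22"` here keeps the example self-describing and avoids a misleading lower bound for readers who copy only this file.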
@@ -0,0 +1,55 @@ | ||
# ssm-parameter-store-parameter-set | ||
|
||
This module creates following resources. | ||
|
||
- `aws_ssm_parameter` | ||
|
||
<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --> | ||
## Requirements | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2 | | ||
| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.22 | | ||
|
||
## Providers | ||
|
||
| Name | Version | | ||
|------|---------| | ||
| <a name="provider_aws"></a> [aws](#provider\_aws) | 4.27.0 | | ||
|
||
## Modules | ||
|
||
No modules. | ||
|
||
## Resources | ||
|
||
| Name | Type | | ||
|------|------| | ||
| [aws_resourcegroups_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/resourcegroups_group) | resource | | ||
| [aws_ssm_parameter.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource | | ||
|
||
## Inputs | ||
|
||
| Name | Description | Type | Default | Required | | ||
|------|-------------|------|---------|:--------:| | ||
| <a name="input_parameters"></a> [parameters](#input\_parameters) | (Required) A list of parameters to manage in the parameter set. Each value of `parameters` block as defined below.<br> (Required) `name` - The name of the parameter. This is concatenated with the `path` of the parameter set for the id. The name should begin with slash (/) and end without trailing slash.<br> (Optional) `description` - The description of the parameter.<br> (Optional) `tier` - The parameter tier to assign to the parameter. Valid values are `STANDARD`, `ADVANCED` or `INTELLIGENT_TIERING`.<br> (Optional) `type` - The intended type of the parameter. Valid values are `STRING`, `STRING_LIST`. Not support `SECURE_STRING`.<br> (Optional) `data_type` - The data type of the parameter. Only required when `type` is `STRING`. Valid values are `text`, `aws:ec2:image` for AMI format.<br> (Optional) `allowed_pattern` - A regular expression used to validate the parameter value.<br> (Required) `value` - The value of the parameter. | `list(map(string))` | n/a | yes | | ||
| <a name="input_path"></a> [path](#input\_path) | (Required) A path used for the prefix of each parameter name created by this parameter set. The path should begin with slash (/) and end without trailing slash. | `string` | n/a | yes | | ||
| <a name="input_allowed_pattern"></a> [allowed\_pattern](#input\_allowed\_pattern) | (Optional) The default regular expression used to validate each parameter value in the parameter set. This is only used when a specific pattern for the parameter is not provided. For example, for `STRING` types with values restricted to numbers, you can specify `^d+$`. | `string` | `""` | no | | ||
| <a name="input_data_type"></a> [data\_type](#input\_data\_type) | (Optional) The default data type of parameters in the parameter set. Only required when `type` is `STRING`. This is only used when a specific data type of the parameter is not provided. Valid values are `text`, `aws:ec2:image` for AMI format. Defaults to `text`. | `string` | `"text"` | no | | ||
| <a name="input_description"></a> [description](#input\_description) | (Optional) The default description of parameters in the parameter set. This is only used when a specific description of the parameter is not provided. | `string` | `"Managed by Terraform."` | no | | ||
| <a name="input_module_tags_enabled"></a> [module\_tags\_enabled](#input\_module\_tags\_enabled) | (Optional) Whether to create AWS Resource Tags for the module informations. | `bool` | `true` | no | | ||
| <a name="input_resource_group_description"></a> [resource\_group\_description](#input\_resource\_group\_description) | (Optional) The description of Resource Group. | `string` | `"Managed by Terraform."` | no | | ||
| <a name="input_resource_group_enabled"></a> [resource\_group\_enabled](#input\_resource\_group\_enabled) | (Optional) Whether to create Resource Group to find and group AWS resources which are created by this module. | `bool` | `true` | no | | ||
| <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | (Optional) The name of Resource Group. A Resource Group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`. | `string` | `""` | no | | ||
| <a name="input_tags"></a> [tags](#input\_tags) | (Optional) A map of tags to add to all resources. | `map(string)` | `{}` | no | | ||
| <a name="input_tier"></a> [tier](#input\_tier) | (Optional) The default parameter tier to assign to parameters in the parameter set. This is only used when a specific tier of the parameter is not provided. Valid values are `STANDARD`, `ADVANCED` or `INTELLIGENT_TIERING`. Defaults to `INTELLIGENT_TIERING`. | `string` | `"INTELLIGENT_TIERING"` | no | | ||
| <a name="input_type"></a> [type](#input\_type) | (Optional) The default type of parameters in the parameter set. This is only used when a specific type of the parameter is not provided. Valid values are `STRING`, `STRING_LIST`. Not support `SECURE_STRING`. Defaults to `STRING`. | `string` | `"STRING"` | no | | ||
|
||
## Outputs | ||
|
||
| Name | Description | | ||
|------|-------------| | ||
| <a name="output_parameters"></a> [parameters](#output\_parameters) | The list of parameters in the parameter set. | | ||
| <a name="output_path"></a> [path](#output\_path) | The path used for the prefix of each parameter names managed by this parameter set. | | ||
<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --> |
@@ -0,0 +1,61 @@ | ||
locals { | ||
metadata = { | ||
package = "terraform-aws-secret" | ||
version = trimspace(file("${path.module}/../../VERSION")) | ||
module = basename(path.module) | ||
name = var.path | ||
} | ||
module_tags = var.module_tags_enabled ? { | ||
"module.terraform.io/package" = local.metadata.package | ||
"module.terraform.io/version" = local.metadata.version | ||
"module.terraform.io/name" = local.metadata.module | ||
"module.terraform.io/full-name" = "${local.metadata.package}/${local.metadata.module}" | ||
"module.terraform.io/instance" = local.metadata.name | ||
} : {} | ||
} | ||
|
||
locals { | ||
types = { | ||
"STRING" = "String" | ||
"STRING_LIST" = "StringList" | ||
"SECURE_STRING" = "SecureString" | ||
} | ||
tiers = { | ||
"STANDARD" = "Standard" | ||
"ADVANCED" = "Advanced" | ||
"INTELLIGENT_TIERING" = "Intelligent-Tiering" | ||
} | ||
} | ||
|
||
|
||
################################################### | ||
# Parameter on Systems Manager Parameter Store | ||
################################################### | ||
|
||
resource "aws_ssm_parameter" "this" { | ||
for_each = { | ||
for parameter in var.parameters : | ||
parameter.name => parameter | ||
} | ||
|
||
name = join("", [var.path, each.key]) | ||
description = try(each.value.description, var.description) | ||
tier = local.tiers[try(each.value.tier, var.tier)] | ||
|
||
type = local.types[try(each.value.type, var.type)] | ||
data_type = try(each.value.data_type, var.data_type) | ||
allowed_pattern = try(each.value.allowed_pattern, var.allowed_pattern) | ||
|
||
insecure_value = each.value.value | ||
|
||
# BUG: https://github.com/hashicorp/terraform-provider-aws/issues/25335 | ||
overwrite = true | ||
|
||
tags = merge( | ||
{ | ||
"Name" = join("", [var.path, each.key]) | ||
}, | ||
local.module_tags, | ||
var.tags, | ||
) | ||
} |
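Review bot: `local.types` in the second `locals` block still maps `"SECURE_STRING" = "SecureString"`, yet every value is written through `insecure_value`, which the provider documents as not valid for SecureString and which is never marked sensitive in plan output; the README added in this commit states SecureString is not supported. Dropping that entry so the map reads `types = { "STRING" = "String", "STRING_LIST" = "StringList" }` makes a `type = "SECURE_STRING"` request fail on the `local.types[...]` lookup at plan time instead of reaching the provider with a secret already rendered in plain text in the plan (a `validation` block on the variables, in variables.tf outside the visible hunks, would give a clearer message). Separately, `name = join("", [var.path, each.key])` relies on callers following the leading-slash convention from the README; nothing visible here validates it, so a `name` without the slash silently produces a parameter outside the intended `path` prefix rather than an error.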
@@ -0,0 +1,25 @@ | ||
output "path" { | ||
description = "The path used for the prefix of each parameter names managed by this parameter set." | ||
value = var.path | ||
} | ||
|
||
output "parameters" { | ||
description = "The list of parameters in the parameter set." | ||
value = { | ||
for name, parameter in aws_ssm_parameter.this : | ||
name => { | ||
id = parameter.id | ||
arn = parameter.arn | ||
name = parameter.name | ||
description = parameter.description | ||
tier = parameter.tier | ||
|
||
type = parameter.type | ||
data_type = parameter.data_type | ||
allowed_pattern = parameter.allowed_pattern | ||
|
||
value = parameter.insecure_value | ||
version = parameter.version | ||
} | ||
} | ||
} |
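Review bot: The `parameters` output's description says "The list of parameters" but the value is a map keyed by parameter name (`for name, parameter in aws_ssm_parameter.this : name => { ... }`), and the README table in this commit inherits the same wording. `description = "The map of parameters in the parameter set, keyed by parameter name."` would match the value's shape. It is also worth stating in that description that `value` is read from `insecure_value` and is therefore not marked sensitive anywhere it is surfaced, which is consistent with the module not supporting SecureString but is the kind of thing a consumer wiring this output into another module should see up front.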
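--- a/modules/ssm-parameter-store-parameter-set/resource-group.tf
+++ b/modules/ssm-parameter-store-parameter-set/resource-group.tf
@@ -0,0 +1,44 @@
+locals {
+resource_group_name = (var.resource_group_name != ""
+? var.resource_group_name
+: join(".", [
+local.metadata.package,
+local.metadata.module,
+replace(local.metadata.name, "/[^a-zA-Z0-9_\\.-]/", "-"),
+])
+)
+resource_group_filters = [
+for key, value in local.module_tags : {
+"Key" = key
+"Values" = [value]
+}
+]
+resource_group_query = <<-JSON
+{
+"ResourceTypeFilters": [
+"AWS::AllSupported"
+],
+"TagFilters": ${jsonencode(local.resource_group_filters)}
+}
+JSON
+}
+
+resource "aws_resourcegroups_group" "this" {
+count = (var.resource_group_enabled && var.module_tags_enabled) ? 1 : 0
+
+name = local.resource_group_name
+description = var.resource_group_description
+
+resource_query {
+type = "TAG_FILTERS_1_0"
+query = local.resource_group_query
+}
+
+tags = merge(
+{
+"Name" = local.resource_group_name
+},
+local.module_tags,
+var.tags,
+)
+}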
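Review bot: The default `resource_group_name` in `locals` joins the package, module and a sanitised `var.path` with no length cap, while the README added in this commit gives the Resource Group name limit as 127 characters, so a long `path` would presumably fail at apply on `aws_resourcegroups_group.this` rather than at plan. Wrapping the generated name, e.g. `: substr(join(".", [ ... ]), 0, 127)`, keeps the default within the documented limit. The `replace` also turns the leading `/` of the path into `-`, so the example's `/ami/ubuntu` yields a name ending in `.-ami-ubuntu`; `replace(trimprefix(local.metadata.name, "/"), "/[^a-zA-Z0-9_\\.-]/", "-")` avoids the stray separator, though both forms satisfy the documented character rule.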