Terraform module which creates AWS SSM Parameters on AWS.
- One of multiple SSM Parameters can be created
- Value type guesser
- Allow SSM Parameter to ignore changes in the value
- Wrapper module which allows managing multiple resources with less code
module "string" {
source = "terraform-aws-modules/ssm-parameter/aws"
name = "my-parameter"
value = "some-value"
}module "secret" {
source = "terraform-aws-modules/ssm-parameter/aws"
name = "my-secret-token"
value = "secret123123!!!"
secure_type = true
}module "list" {
source = "terraform-aws-modules/ssm-parameter/aws"
name = "my-list-parameter"
values = ["item1", "item2"] # "values" not "value"
}module "list" {
source = "terraform-aws-modules/ssm-parameter/aws"
ignore_value_changes = true
name = "my-parameter-ignore-value-changes"
value = "some-value"
}locals {
parameters = {
#########
# String
#########
"string_simple" = {
value = "string_value123"
}
"string" = {
type = "String"
value = "string_value123"
tier = "Intelligent-Tiering"
allowed_pattern = "[a-z0-9_]+"
}
###############
# SecureString
###############
"secure" = {
type = "SecureString"
value = "secret123123!!!"
tier = "Advanced"
description = "My awesome password!"
}
"secure_encrypted_true" = {
secure_type = true
value = "secret123123!!!"
key_id = "c938de44-1c09-4c91-89fd-b5881f06f317"
}
#############
# StringList
#############
"list_as_autoguess_type" = {
values = ["item1", "item2"]
}
"list_as_jsonencoded_string" = {
type = "StringList"
value = jsonencode(["item1", "item2"])
}
"list_as_plain_string" = {
type = "StringList"
value = "item1,item2"
}
"list_as_autoconvert_values" = {
type = "StringList"
values = ["item1", "item2"]
}
"list_empty_as_jsonencoded_string" = {
type = "StringList"
value = jsonencode([])
}
}
}
module "multiple" {
source = "terraform-aws-modules/ssm-parameter/aws"
for_each = local.parameters
name = try(each.value.name, each.key)
value = try(each.value.value, null)
values = try(each.value.values, [])
type = try(each.value.type, null)
secure_type = try(each.value.secure_type, null)
description = try(each.value.description, null)
tier = try(each.value.tier, null)
key_id = try(each.value.key_id, null)
allowed_pattern = try(each.value.allowed_pattern, null)
data_type = try(each.value.data_type, null)
}Users of this Terraform module can create multiple similar resources by using for_each meta-argument within module block which became available in Terraform 0.13.
Users of Terragrunt can achieve similar results by using modules provided in the wrappers directory, if they prefer to reduce amount of configuration files.
- Complete - shows all possible ways to create parameters.
The following values are provided to toggle on/off creation of the associated resources as desired:
module "parameter" {
source = "terraform-aws-modules/ssm-parameter/aws"
# Disable creation of all resources
create = false
# ... omitted
}| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.37 |
| Name | Version |
|---|---|
| aws | >= 4.37 |
No modules.
| Name | Type |
|---|---|
| aws_ssm_parameter.ignore_value | resource |
| aws_ssm_parameter.this | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| allowed_pattern | Regular expression used to validate the parameter value. | string |
null |
no |
| create | Whether to create SSM Parameter | bool |
true |
no |
| data_type | Data type of the parameter. Valid values: text, aws:ssm:integration and aws:ec2:image for AMI format. | string |
null |
no |
| description | Description of the parameter | string |
null |
no |
| ignore_value_changes | Whether to create SSM Parameter and ignore changes in value | bool |
false |
no |
| key_id | KMS key ID or ARN for encrypting a parameter (when type is SecureString) | string |
null |
no |
| name | Name of SSM parameter | string |
null |
no |
| secure_type | Whether the type of the value should be considered as secure or not? | bool |
false |
no |
| tags | A mapping of tags to assign to resources | map(string) |
{} |
no |
| tier | Parameter tier to assign to the parameter. If not specified, will use the default parameter tier for the region. Valid tiers are Standard, Advanced, and Intelligent-Tiering. Downgrading an Advanced tier parameter to Standard will recreate the resource. | string |
null |
no |
| type | Type of the parameter. Valid types are String, StringList and SecureString. | string |
null |
no |
| value | Value of the parameter | string |
null |
no |
| values | List of values of the parameter (will be jsonencoded to store as string natively in SSM) | list(string) |
[] |
no |
| Name | Description |
|---|---|
| insecure_value | Insecure value of the parameter |
| raw_value | Raw value of the parameter (as it is stored in SSM). Use 'value' output to get jsondecode'd value |
| secure_type | Whether SSM parameter is a SecureString or not? |
| secure_value | Secure value of the parameter |
| ssm_parameter_arn | The ARN of the parameter |
| ssm_parameter_name | Name of the parameter |
| ssm_parameter_tags_all | All tags used for the parameter |
| ssm_parameter_type | Type of the parameter |
| ssm_parameter_version | Version of the parameter |
| value | Parameter value after jsondecode(). Probably this is what you are looking for |
Module is maintained by Anton Babenko with help from these awesome contributors.
Apache 2 Licensed. See LICENSE for full details.
