AWS SSM Parameter Store Terraform module
Terraform module which creates AWS SSM Parameters on AWS.
Available Features
- One of multiple SSM Parameters can be created
- Value type guesser
- Allow SSM Parameter to ignore changes in the value
- Wrapper module which allows managing multiple resources with less code
Usage
Parameter as String
module "string" {
source = "terraform-aws-modules/ssm-parameter/aws"
name = "my-parameter"
value = "some-value"
}
Parameter as SecureString
module "secret" {
source = "terraform-aws-modules/ssm-parameter/aws"
name = "my-secret-token"
value = "secret123123!!!"
secure_type = true
}
Parameter as StringList
module "list" {
source = "terraform-aws-modules/ssm-parameter/aws"
name = "my-list-parameter"
values = ["item1", "item2"] # "values" not "value"
}
Parameter with ignored value changes
module "list" {
source = "terraform-aws-modules/ssm-parameter/aws"
ignore_value_changes = true
name = "my-parameter-ignore-value-changes"
value = "some-value"
}
Multiple parameters
locals {
parameters = {
#########
# String
#########
"string_simple" = {
value = "string_value123"
}
"string" = {
type = "String"
value = "string_value123"
tier = "Intelligent-Tiering"
allowed_pattern = "[a-z0-9_]+"
}
###############
# SecureString
###############
"secure" = {
type = "SecureString"
value = "secret123123!!!"
tier = "Advanced"
description = "My awesome password!"
}
"secure_encrypted_true" = {
secure_type = true
value = "secret123123!!!"
key_id = "c938de44-1c09-4c91-89fd-b5881f06f317"
}
#############
# StringList
#############
"list_as_autoguess_type" = {
values = ["item1", "item2"]
}
"list_as_jsonencoded_string" = {
type = "StringList"
value = jsonencode(["item1", "item2"])
}
"list_as_plain_string" = {
type = "StringList"
value = "item1,item2"
}
"list_as_autoconvert_values" = {
type = "StringList"
values = ["item1", "item2"]
}
"list_empty_as_jsonencoded_string" = {
type = "StringList"
value = jsonencode([])
}
}
}
module "multiple" {
source = "terraform-aws-modules/ssm-parameter/aws"
for_each = local.parameters
name = try(each.value.name, each.key)
value = try(each.value.value, null)
values = try(each.value.values, [])
type = try(each.value.type, null)
secure_type = try(each.value.secure_type, null)
description = try(each.value.description, null)
tier = try(each.value.tier, null)
key_id = try(each.value.key_id, null)
allowed_pattern = try(each.value.allowed_pattern, null)
data_type = try(each.value.data_type, null)
}
Module wrappers
Users of this Terraform module can create multiple similar resources by using for_each meta-argument within module block which became available in Terraform 0.13.
Users of Terragrunt can achieve similar results by using modules provided in the wrappers directory, if they prefer to reduce amount of configuration files.
Examples
- Complete - shows all possible ways to create parameters.
Conditional Creation
The following values are provided to toggle on/off creation of the associated resources as desired:
module "parameter" {
source = "terraform-aws-modules/ssm-parameter/aws"
# Disable creation of all resources
create = false
# ... omitted
}
Authors
Module is maintained by Anton Babenko with help from these awesome contributors.
License
Apache 2 Licensed. See LICENSE for full details.