cloudposse / terraform-aws-ecs-container-definition

Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource
https://cloudposse.com/accelerate
Apache License 2.0
339 stars 244 forks

Improve interface of the "secrets" input variable #106

Closed dvasiljevic-humanity closed 3 years ago

dvasiljevic-humanity commented 3 years ago

This is a suggestion, very similar to the one already created in #61, and that improvement is closed.

The current way of passing secrets variables to the module is by using a list of maps:

variable "secrets" {
  type = list(object({
    name      = string
    valueFrom = string
  }))
  description = "The secrets to pass to the container. This is a list of maps"
  default     = null
}

e.g. using Parameter Store:

secrets = [
  {
    name      = "SECRET_1",
    valueFrom = "arn:aws:ssm:region:aws_account_id:parameter/parameter1_name"
  },
  {
    name      = "SECRET_2",
    valueFrom = "arn:aws:ssm:region:aws_account_id:parameter/parameter2_name"
  }
]

The hardcoded part of the ARN (region and aws_account_id), I guess, can be managed dynamically with local variables. Maybe there can be some refactoring to create a type = map(any) variable:

map_secrets = {
  "SECRET_1" = "parameter/parameter1_name"
  "SECRET_2" = "parameter/parameter2_name"
}

Do you think this is possible?

Thanks, Dejan
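
An added example (not part of the issue thread and not the module's own code) of the caller-side refactoring described above: the short map is expanded into the list shape the `secrets` variable expects, with region and account ID resolved from data sources. The local names, `container_name`, `container_image` and the IAM policy document are assumptions for illustration; the policy document scopes the task execution role's read access to exactly the parameters referenced.

```hcl
# Added example. Resolve the ARN parts that were hardcoded in the issue.
data "aws_partition" "current" {}
data "aws_region" "current" {}
data "aws_caller_identity" "current" {}

locals {
  # Short form proposed in the issue: env var name => parameter path.
  map_secrets = {
    SECRET_1 = "parameter/parameter1_name"
    SECRET_2 = "parameter/parameter2_name"
  }

  ssm_arn_prefix = join(":", [
    "arn",
    data.aws_partition.current.partition,
    "ssm",
    data.aws_region.current.name,
    data.aws_caller_identity.current.account_id,
  ])

  # Expand to list(object({ name, valueFrom })). Terraform iterates maps in
  # lexical key order, so the resulting list is stable between plans.
  secrets = [
    for name, path in local.map_secrets : {
      name      = name
      valueFrom = "${local.ssm_arn_prefix}:${path}"
    }
  ]
}

module "container_definition" {
  source          = "cloudposse/ecs-container-definition/aws"
  container_name  = "app"          # illustrative
  container_image = "nginx:latest" # illustrative
  secrets         = local.secrets
}

# Least privilege for the task execution role: allow reading only the
# parameters listed above, not ssm:* on every parameter in the account.
data "aws_iam_policy_document" "read_secrets" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = local.secrets[*].valueFrom
  }
}
```

If the parameters are SecureString values encrypted with a customer-managed KMS key, the execution role also needs `kms:Decrypt` on that key.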

davidvasandani commented 3 years ago

@dvasiljevic-humanity this PR solved the issue for me. Hope it helps you as well.