Closed arnoschutijzer closed 3 years ago
Can you expand on your reproducible steps? What sensitive information are you putting in the module? Can you remove that information from the module?
Ah, this seems related to using SSM parameters as input in env variables.
We do this because we need to `trimprefix` from the value of that SSM parameter but I guess we can `trimprefix` when outputting to SSM and use the `secrets` map.
I can reproduce the issue by planning the following:
```hcl
provider "aws" {}

data "aws_ssm_parameter" "some_parameter" {
  name = "/some/path"
}

module "container_definition" {
  source          = "github.com/cloudposse/terraform-aws-ecs-container-definition?ref=0.56.0"
  container_image = "nginx"
  container_name  = "nginx"
  environment = [{
    name  = "some_name",
    value = data.aws_ssm_parameter.some_parameter.value
  }]
}
```
I'd remove the ssm parameter from the module input, add it to the module's output (the output is simply json) before passing it to the task definition.
That also works. I'll close this out since it's not an issue with the module.
You could also try one of the sensitive outputs
https://github.com/cloudposse/terraform-aws-ecs-container-definition#outputs
That doesn't work sadly. In the script above I'm not using any outputs of the module so terraform is throwing an error just because the outputs that are not sensitive exist.
@arnoschutijzer the best way to do this is to use the `map_secrets` or `secrets` input which will make the ecs task retrieve the value from ssm without terraform having to do it.
```hcl
provider "aws" {}

data "aws_ssm_parameter" "some_parameter" {
  name = "/some/path"
}

module "container_definition" {
  source = "cloudposse/ecs-container-definition/aws"
  # Cloud Posse recommends pinning every module to a specific version
  # version = "x.x.x"
  container_image = "nginx"
  container_name  = "nginx"
  map_secrets = {
    some_name = data.aws_ssm_parameter.some_parameter.arn
  }
}
```
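The `map_secrets` approach from the comment above, wired into a task definition, as an added example that is not part of the thread or the module's own code: ECS resolves the value when the task starts, so the task execution role has to be allowed to read the parameter. The role, policy and family names and the memory value are placeholders, and `json_map_encoded_list` is assumed to be the module output passed to `container_definitions`.

```hcl
# Added example; resource names and "/some/path" are placeholders.
data "aws_ssm_parameter" "some_parameter" {
  name = "/some/path"
}

module "container_definition" {
  source           = "cloudposse/ecs-container-definition/aws"
  # version = "x.x.x"  # pin to a specific release
  container_image  = "nginx"
  container_name   = "nginx"
  container_memory = 128 # constructed value
  # Only the ARN enters the container definition; ECS fetches the value.
  map_secrets = {
    some_name = data.aws_ssm_parameter.some_parameter.arn
  }
}

data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "execution" {
  name               = "example-ecs-execution"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Scope read access to this one parameter. A SecureString encrypted with a
# customer managed KMS key also needs kms:Decrypt on that key.
data "aws_iam_policy_document" "read_param" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = [data.aws_ssm_parameter.some_parameter.arn]
  }
}

resource "aws_iam_role_policy" "read_param" {
  name   = "read-some-parameter"
  role   = aws_iam_role.execution.id
  policy = data.aws_iam_policy_document.read_param.json
}

resource "aws_ecs_task_definition" "this" {
  family                = "nginx"
  execution_role_arn    = aws_iam_role.execution.arn
  container_definitions = module.container_definition.json_map_encoded_list
}
```

The `aws_ssm_parameter` data source still reads the parameter value into Terraform state; only the ARN flows into the container definition.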
Describe the Bug
Running `terraform plan` and `terraform apply` using terraform 0.15.0 results in this error message:
Expected Behavior
No error when planning / applying.
Steps to Reproduce
Steps to reproduce the behavior:
`github.com/cloudposse/terraform-aws-ecs-container-definition?ref=0.56.0` as the source
Environment (please complete the following information):
Anything that will help us triage the bug will help. Here are some ideas:
Additional Context
I think this issue is already fixed on master but there was no release. Can we get this released? We'd like to keep the version locked. EDIT: it's not actually fixed yet. I can give it a go but just marking the outputs as sensitive will be a bit too naive probably. 😄