Closed nitrocode closed 6 months ago
/test terratest
/test all
I think we need a separate module for SSM / Secrets Manager like @jamengual mentioned. Then we can easily turn it on and off and have the variables located in the upstream module instead of here.
We can do some of it by using https://github.com/cloudposse/terraform-aws-ssm-parameter-store but not the password creation.
I was thinking about doing that later but maybe it should be a prerequisite for this PR.
This pull request is now in conflict. Could you fix it @nitrocode? 🙏
@nitrocode It would be great if you could make `database_name` optional as well by specifying an empty string default value in `variables.tf`.
A possible scenario would be that I would like to do some modifications after I created the db instance from a snapshot, and if `database_name` is required then it would force a replacement.
Thanks!
@arischow thanks for the suggestion. This PR is only for generating password credentials. Could you write that into a separate issue so we can track it?
This pull request is now in conflict. Could you fix it @nitrocode? 🙏
what
why
references
notes
- `ssm_enabled` be renamed to `ssm_parameters_enabled` to be more explicit ?
- `ssm_key_prefix` instead of having to modify the `ssm_key_format` ?
- `module.rds_instance.hostname` and `var.database_port` to ssm ?
- `systems-manager.tf` file ?
- `var.ssm_region` and if one isn't passed in, it could use the current region ?
- `database_name = ""` or `null`, should the name of the database be the `module.this.id` ?
- `database_name = null` so that means the ssm key itself would have the term `null` in there. Perhaps for ssm, if the `database_name == null` then we can use the unique `module.this.id` or `module.this.name` ?
- `module.this.name`
output
enable ssm with defaults
With `ssm_parameters_enabled = true`

```shell
$ terraform plan

Terraform will perform the following actions:

  # module.rds_instance.aws_ssm_parameter.rds_database["hostname"] will be created
  + resource "aws_ssm_parameter" "rds_database" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "RDS DB hostname"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/rds/mydb/admin/db_hostname"
      + overwrite   = true
      + tags_all    = (known after apply)
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.rds_instance.aws_ssm_parameter.rds_database["password"] will be created
  + resource "aws_ssm_parameter" "rds_database" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "RDS DB password"
      + id          = (known after apply)
      + key_id      = "alias/aws/ssm"
      + name        = "/rds/mydb/admin/db_password"
      + overwrite   = true
      + tags_all    = (known after apply)
      + tier        = "Standard"
      + type        = "SecureString"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.rds_instance.aws_ssm_parameter.rds_database["port"] will be created
  + resource "aws_ssm_parameter" "rds_database" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "RDS DB port"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/rds/mydb/admin/db_port"
      + overwrite   = true
      + tags_all    = (known after apply)
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

  # module.rds_instance.aws_ssm_parameter.rds_database["user"] will be created
  + resource "aws_ssm_parameter" "rds_database" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "RDS DB user"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/rds/mydb/admin/db_user"
      + overwrite   = true
      + tags_all    = (known after apply)
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

Plan: 4 to add, 0 to change, 0 to destroy.
```

enable ssm with merge defaults

With `ssm_parameters_enabled = true` and

```hcl
save_parameter_ssm_map_merge = {
  user = {
    suffix      = "admin/db_user_hello"
    description = "RDS DB user hihi"
  }
}
```

```shell
$ terraform plan

# hide previous 3 as seen above and only show the 1 difference

  # module.rds_instance.aws_ssm_parameter.rds_database["user"] will be created
  + resource "aws_ssm_parameter" "rds_database" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "RDS DB user hihi"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/rds/mydb/admin/db_user_hello"
      + overwrite   = true
      + tags_all    = (known after apply)
      + tier        = "Standard"
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }
```
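
A check a reviewer could run over the JSON form of a plan like the ones above (an added example, not part of this PR or the module's code): it flags `aws_ssm_parameter` resources whose name suggests a secret but whose type is not `SecureString`, and names with an empty or literal `null` path segment, the concern raised in the notes. The field names follow `terraform show -json`; the name regex, the helper `_param` and both sample plans are constructed assumptions.

```python
import json
import re

# Assumed heuristic for "this parameter holds a secret"; adjust to your naming.
SECRET_NAME = re.compile(r"password|secret|token", re.IGNORECASE)

def audit_ssm_parameters(plan_json: str) -> list[str]:
    """Return findings for aws_ssm_parameter resources in `terraform show -json` output."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_ssm_parameter":
            continue
        # "after" is null when the resource is being destroyed.
        after = (rc.get("change") or {}).get("after") or {}
        name, ptype = after.get("name") or "", after.get("type")
        addr = rc.get("address", "<unknown>")
        if SECRET_NAME.search(name) and ptype != "SecureString":
            findings.append(f"{addr}: {name} looks like a secret but type is {ptype}")
        # The notes' concern: a null database name ending up as a key segment.
        segments = name.strip("/").split("/") if name else []
        if any(seg in ("", "null") for seg in segments):
            findings.append(f"{addr}: {name} has an empty or literal 'null' segment")
    return findings

def _param(key, name, ptype):
    """Build one constructed resource_changes entry (hypothetical helper)."""
    return {
        "address": f'module.rds_instance.aws_ssm_parameter.rds_database["{key}"]',
        "type": "aws_ssm_parameter",
        "change": {"actions": ["create"], "after": {"name": name, "type": ptype}},
    }

# Constructed sample mirroring the four parameters in the plan output above.
SAMPLE_GOOD = json.dumps({"resource_changes": [
    _param("hostname", "/rds/mydb/admin/db_hostname", "String"),
    _param("password", "/rds/mydb/admin/db_password", "SecureString"),
    _param("port", "/rds/mydb/admin/db_port", "String"),
    _param("user", "/rds/mydb/admin/db_user", "String"),
]})
# Constructed bad case: plaintext password under a key built from a null name.
SAMPLE_BAD = json.dumps({"resource_changes": [
    _param("password", "/rds/null/admin/db_password", "String"),
]})

if __name__ == "__main__":
    for finding in audit_ssm_parameters(SAMPLE_BAD):
        print(finding)
```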