Open thomas-brx opened 1 year ago
And in case anybody needs a workaround, here is one using some ~horrible~creative config-injection:
snowflake_password = "\", \"password\": {\"ec2ParameterStore\": {\"parameterName\": \"foo.bar.baz\"}}, \"dummy\": \"dummy"
This will generate the configuration:
# DB password
"password": "", "password": {"ec2ParameterStore": {"parameterName": "foo.bar.baz"}}, "dummy": "dummy",
The second password
overrides the first, and the dummy
is there to swallow the extra quotation mark in the template.
Hi @thomas-brx if you have the bandwidth to implement this feature I would be more than happy to review and merge it in! Otherwise it might be a while until we get to adding this.
In https://github.com/snowplow/snowplow-rdb-loader/commit/656adb3113732e013859a204373805aa0dfea61b, support was added to store snowflake passwords in ec2 parameter store. It would be great if support was added in the terraform module as well, to avoid the real password being stored in the state file.
The instance role should then also include the policies required to read that password.