fix: Marked AMI id as nonsensitive

[kevingunn-wk]

Description

When running terraform plan - the ami is hidden and marked as sensitive. This happens whether or not an AMI Id is provided or ami_ssm_parameter is used. This is because aws_ssm_parametervalue is by default a sensitive value.

Example:

 # module.ec2.aws_instance.this[0] will be created
  + resource "aws_instance" "this" {
      + ami                                  = (sensitive value)
      + arn                                  = (known after apply)
      + associate_public_ip_address          = true
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)

Motivation and Context

When running terraform plan, it would be nice to know the AMI ID, especially when a replace is triggered. If I am replacing the instance because of an AMI change, I want to make sure the correct AMI ID is being used. This is especially helpful when using ami_ssm_parameter, to make sure the correct paramter value is used.

I also think it might be useful to include the AMI as the output. When using ami_ssm_parameter, the actual AMI Id is not obvious, so including it in the output makes it easy to identify which AMI was used from the parameter store.

Breaking Changes

N/A

How Has This Been Tested?

• (n/a) I have updated at least one of the examples/* to demonstrate and validate my change(s)
• [x] I have tested and validated these changes using one or more of the provided examples/* projects
• [x] I have executed pre-commit run -a on my pull request

Ran terraform plan after making the change

 # module.ec2_t3_unlimited.aws_instance.this[0] will be created
  + resource "aws_instance" "this" {
      + ami                                  = "ami-05247819264504af0"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = true
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)

[github-actions[bot]]

This PR has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

[kevingunn-wk]

Not stale - would still be nice to see this merged so that AMI Ids are not flagged as sensitive.

[antonbabenko]

This PR is included in version 4.3.1 :tada:

[github-actions[bot]]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.