-
-
Notifications
You must be signed in to change notification settings - Fork 61
/
main.tf
54 lines (46 loc) · 2.05 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
locals {
enabled = module.this.enabled
parameter_write = local.enabled && !var.ignore_value_changes ? { for e in var.parameter_write : e.name => merge(var.parameter_write_defaults, e) } : {}
parameter_write_ignore_values = local.enabled && var.ignore_value_changes ? { for e in var.parameter_write : e.name => merge(var.parameter_write_defaults, e) } : {}
parameter_read = local.enabled ? var.parameter_read : []
}
data "aws_ssm_parameter" "read" {
count = length(local.parameter_read)
name = element(local.parameter_read, count.index)
}
resource "aws_ssm_parameter" "default" {
for_each = local.parameter_write
name = each.key
description = each.value.description
type = each.value.type
tier = each.value.tier
key_id = each.value.type == "SecureString" && length(var.kms_arn) > 0 ? var.kms_arn : ""
value = each.value.value
# Note on the deprecation warning:
# Configurations expecting the standard update flow will need to keep overwrite = true set
# until this becomes the default behavior in v6.0.0. Removing it in v5.X will result in
# the default value of false, preventing the parameter value from being updated.
# Source: https://github.com/hashicorp/terraform-provider-aws/issues/25636#issuecomment-1623661159
overwrite = each.value.overwrite
allowed_pattern = each.value.allowed_pattern
data_type = each.value.data_type
tags = module.this.tags
}
resource "aws_ssm_parameter" "ignore_value_changes" {
for_each = local.parameter_write_ignore_values
name = each.key
description = each.value.description
type = each.value.type
tier = each.value.tier
key_id = each.value.type == "SecureString" && length(var.kms_arn) > 0 ? var.kms_arn : ""
value = each.value.value
overwrite = each.value.overwrite
allowed_pattern = each.value.allowed_pattern
data_type = each.value.data_type
tags = module.this.tags
lifecycle {
ignore_changes = [
value,
]
}
}