enchantedmotorcycle/ssm_module


Terraform SSM Parameter Module

This module can be used to create AWS SSM Parameters accepting input from a structured JSON file or from Terraform variables/direct input text. The module output can be used in other AWS resources and pass either secure or ine See below for examples on usage and required module inputs.

Example 1 - SSM Parameters from an input file

# Create SSM parameters using a JSON input file
module my_parameters_from_file {
    source = "git::https://github.com/path_to_module/ssm_module.git"
    input_file = "ssm_input.json"
    key_id = "arn:aws:kms:us-west-2:2309209292:key/21ba1676-db71-4c0e-b8be-xxxxxxxx"
    tags = {env = "non-prod", paramset = "my tag value"}
}

ssm_input.json:

{
    "aws_ssm_parameter": [
        {
            "ssm_param_name": "/stg/app-name/my-param-1",
            "ssm_param_tier": "Standard",
            "ssm_param_type": "String",
            "ssm_param_value": "my-insecure-string-value-1"
        },
        {
            "ssm_param_name": "/stg/app-name/my-secure-param-1",
            "ssm_param_tier": "Standard",
            "ssm_param_type": "SecureString",
            "ssm_param_value": "AQICAHjT9xes01gdm2hqKR6JVG0KQcw1bZquiHq1xvG7mLN/yQFd0P4AlF533xSiXrccDAjaAAAAcDBuBgkqhkiG9w0BBwagYTBfAgEAMFoGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMa9/87wed3EvR8NaiAgEQgC1CALoaU0besNWGLH+3wHuaPwacgrRdz3jzilBzU9NNTGIjTSsD3f0R2xOhCYw="
        }
    ]
}
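
A pre-commit style check for the ssm_input.json layout shown above, added here as an example and not part of the module: it flags SecureString entries whose value is not a base64 blob, which usually means a plaintext secret is about to be committed alongside the Terraform code. The function names, the 64-byte threshold and the sample data are assumptions made for this example.

```python
import base64
import binascii
import json

# Assumptions, not taken from the module: SecureString values are base64 KMS
# ciphertext as in Example 1, and 64 bytes is an illustrative minimum blob size.
REQUIRED = ("ssm_param_name", "ssm_param_tier", "ssm_param_type", "ssm_param_value")
TYPES = {"String", "StringList", "SecureString"}
TIERS = {"Standard", "Advanced", "Intelligent-Tiering"}
MIN_CIPHERTEXT_BYTES = 64

def looks_like_ciphertext(value):
    """True if value is strict base64 decoding to a plausibly sized blob."""
    try:
        return len(base64.b64decode(value, validate=True)) >= MIN_CIPHERTEXT_BYTES
    except (binascii.Error, ValueError):
        return False

def lint_ssm_input(text):
    """Return a list of findings for the text of an ssm_input.json file."""
    doc = json.loads(text)
    params = doc.get("aws_ssm_parameter") if isinstance(doc, dict) else None
    if not isinstance(params, list):
        return ["top-level 'aws_ssm_parameter' must be a list"]
    findings, seen = [], set()
    for i, p in enumerate(params):
        if not isinstance(p, dict) or any(not isinstance(p.get(k), str) for k in REQUIRED):
            findings.append(f"entry {i}: needs string fields {', '.join(REQUIRED)}")
            continue
        name, ptype = p["ssm_param_name"], p["ssm_param_type"]
        if name in seen:  # duplicate names would collide when keyed by name
            findings.append(f"{name}: duplicate parameter name")
        seen.add(name)
        if ptype not in TYPES:
            findings.append(f"{name}: unknown type {ptype!r}")
        if p["ssm_param_tier"] not in TIERS:
            findings.append(f"{name}: unknown tier {p['ssm_param_tier']!r}")
        if ptype == "SecureString" and not looks_like_ciphertext(p["ssm_param_value"]):
            findings.append(f"{name}: SecureString value looks like plaintext")
    return findings

# Constructed sample: FAKE_BLOB is a stand-in, not real KMS output.
FAKE_BLOB = base64.b64encode(bytes(range(96))).decode()
SAMPLE = json.dumps({"aws_ssm_parameter": [
    {"ssm_param_name": "/stg/app/ok", "ssm_param_tier": "Standard",
     "ssm_param_type": "SecureString", "ssm_param_value": FAKE_BLOB},
    {"ssm_param_name": "/stg/app/leak", "ssm_param_tier": "Standard",
     "ssm_param_type": "SecureString", "ssm_param_value": "hunter2-password"},
]})
```

Calling `lint_ssm_input(SAMPLE)` reports only the `/stg/app/leak` entry; a non-empty result is the signal to block the commit.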

Example 2 - SSM Parameters from Terraform variables file

# Create SSM parameters from a variable or directly as an input
module my_parameters_from_variables {
    source = "git::https://github.com/path_to_module/ssm_module.git"
    key_id = var.key_arn
    ssm_parameter = var.ssm_params
}

Example 3 - Pass module outputs to other AWS services

# Create SSM parameters using a JSON input file
module my_parameters_from_file {
    source = "git::https://github.com/path_to_module/ssm_module.git"
    input_file = var.input_file
    key_id = var.key_arn
    tags = var.tags
}

# Example using the created SSM parameter in a secret
resource "aws_secretsmanager_secret" "ssm_param_secret" {
  name = module.my_parameters_from_file.all_parameters["/prd/my-parameter"].name
}

# Example using the created SSM parameter as a secret value
resource "aws_secretsmanager_secret_version" "ssm_param_secret_version" {
  secret_id     = aws_secretsmanager_secret.ssm_param_secret.id
  secret_string = module.my_parameters_from_file.all_parameters["/prd/my-parameter"].value
}

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allowed_pattern | Regular expression used to validate parameter values. | string | null | no |
| data_type | Parameter data type. | string | "text" | no |
| encryption_algorithm | Encryption algorithm if a secure SSM Param is not built with a KMS cipherblob | string | null | no |
| input_file | Input file with AWS SSM Parameters. | string | null | no |
| key_id | KMS key ARN. | string | n/a | yes |
| overwrite | Overwrite an existing parameter. | bool | null | no |
| region | AWS region | string | "us-west-2" | no |
| ssm_parameter | SSM parameter created outside of a file. | object({ aws_ssm_parameter = list(object({ ssm_param_name = string, ssm_param_tier = string, ssm_param_type = string, ssm_param_value = string, ssm_param_description = optional(string) })) }) | null | no |
| tags | Tags to apply to your SSM Parameters. May not be necessary if your account has auto-tagging enabled. | map(string) | null | no |

Outputs

| Name | Description |
|------|-------------|
| all_parameters | output "parameters_value" { #value = aws_ssm_parameter.ssm_params.name # value = [ # for param in aws_ssm_parameter.ssm_params.name : param.name # ] value = values(aws_ssm_parameter.ssm_params)[*].value sensitive = true } output "secure_parameters" { value = aws_ssm_parameter.secure_ssm_params.name sensitive = true } |
| all_parameters_name | n/a |
| all_parameters_value | n/a |
