SSM configuration refactored

moritzzimmer released this 28 Aug 10:52

Introducing a new configuration object ssm to specify SSM parameter names. The IAM role will be enhanced with read permissions to those parameters.

In addition the variable kms_key_arn will (also) be set in the aws_lambda_function as described in https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#kms_key_arn.

(for spring-media users, this fixes spring-media/terraform-aws-lambda#61 and spring-media/terraform-aws-lambda#59)

Deprecations:

the old ssm_parameter_names variable is deprecated and scheduled for deletion in the next major release of this module
using kms_key_arn to create an IAM role attachment to allow kms:Decrypt for custom keys is deprecated and will be removed in the next major release of this module

Assets 2