Support configuring multiple parameters in parameter store

Author: Ben Fortuna

.gitignore

@@ -0,0 +1,3 @@
+# Created by .ignore support plugin (hsz.mobi)
+terraform-aws-ssm-parameters.iml
+.terraform/

Makefile

@@ -0,0 +1,19 @@
+SHELL:=/bin/bash
+TERRAFORM_VERSION=0.13.0
+TERRAFORM=docker run --rm -v "${PWD}:/work" -v "${HOME}:/root" -e AWS_DEFAULT_REGION=$(AWS_DEFAULT_REGION) -e http_proxy=$(http_proxy) --net=host -w /work hashicorp/terraform:$(TERRAFORM_VERSION)
+
+.PHONY: all clean test docs format
+
+all: test docs format
+
+clean:
+	rm -rf .terraform/
+
+test:
+	$(TERRAFORM) init && $(TERRAFORM) validate
+
+docs:
+	docker run --rm -v "${PWD}:/work" tmknom/terraform-docs markdown ./ >./README.md
+
+format:
+	$(TERRAFORM) fmt -list=true ./

README.md

@@ -1,2 +1,31 @@
-# terraform-aws-ssm-parameters
-Configure a list of SSM Parameter Store entries
+# ![AWS](aws-logo.png) SSM ParameterStore parameters
+
+Purpose: Configure parameters in AWS SSM ParameterStore
+
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| allowed\_pattern | A regular expression to restrict allowed parameter values | `any` | `null` | no |
+| context | A parameter context used as a prefix to the stored parameter key | `any` | `null` | no |
+| data\_type | Indicates the type of parameter value. Supported values are: `text` and `aws:ec2:image` | `any` | `null` | no |
+| key\_id | KMS key id for encrypting SecureString type parameters | `any` | `null` | no |
+| list\_params | A list of StringList parameters to add to ParameterStore | `list(map(any))` | `[]` | no |
+| overwrite | Overwrite existing parameter values | `bool` | `false` | no |
+| parameters | A list of String parameters to add to ParameterStore | `list(map(any))` | `[]` | no |
+| secure\_params | A list of SecureString parameters to add to ParameterStore | `list(map(any))` | `[]` | no |
+
+## Outputs
+
+No output.
+

aws-logo.png

@@ -0,0 +1,50 @@
+/**
+ * # ![AWS](aws-logo.png) SSM ParameterStore parameters
+ *
+ * Purpose: Configure parameters in AWS SSM ParameterStore
+ */
+resource "aws_ssm_parameter" "parameters" {
+  count           = length(var.parameters)
+  name            = var.context != null ? "/${var.context}/${lookup(var.parameters[count.index], "name")}" : lookup(var.parameters[count.index], "name")
+  value           = lookup(var.parameters[count.index], "value")
+  description     = lookup(var.parameters[count.index], "description") != null ? lookup(var.parameters[count.index], "description") : null
+  type            = "String"
+  overwrite       = var.overwrite
+  allowed_pattern = var.allowed_pattern
+  data_type       = var.data_type
+
+  tags = {
+    Context = var.context
+  }
+}
+
+resource "aws_ssm_parameter" "list_params" {
+  count           = length(var.list_params)
+  name            = var.context != null ? "/${var.context}/${lookup(var.list_params[count.index], "name")}" : lookup(var.list_params[count.index], "name")
+  value           = lookup(var.list_params[count.index], "value")
+  description     = lookup(var.list_params[count.index], "description") != null ? lookup(var.list_params[count.index], "description") : null
+  type            = "String"
+  overwrite       = var.overwrite
+  allowed_pattern = var.allowed_pattern
+  data_type       = var.data_type
+
+  tags = {
+    Context = var.context
+  }
+}
+
+resource "aws_ssm_parameter" "secure_params" {
+  count           = length(var.secure_params)
+  name            = var.context != null ? "/${var.context}/${lookup(var.parameters[count.index], "name")}" : lookup(var.secure_params[count.index], "name")
+  value           = lookup(var.secure_params[count.index], "value")
+  description     = lookup(var.secure_params[count.index], "description") != null ? lookup(var.secure_params[count.index], "description") : null
+  type            = "SecureString"
+  overwrite       = var.overwrite
+  allowed_pattern = var.allowed_pattern
+  data_type       = var.data_type
+  key_id          = var.key_id
+
+  tags = {
+    Context = var.context
+  }
+}

main.tf

@@ -0,0 +1,42 @@
+variable "parameters" {
+  description = "A list of String parameters to add to ParameterStore"
+  type        = list(map(any))
+  default     = []
+}
+
+variable "secure_params" {
+  description = "A list of SecureString parameters to add to ParameterStore"
+  type        = list(map(any))
+  default     = []
+}
+
+variable "list_params" {
+  description = "A list of StringList parameters to add to ParameterStore"
+  type        = list(map(any))
+  default     = []
+}
+
+variable "context" {
+  description = "A parameter context used as a prefix to the stored parameter key"
+  default     = null
+}
+
+variable "allowed_pattern" {
+  description = "A regular expression to restrict allowed parameter values"
+  default     = null
+}
+
+variable "data_type" {
+  description = "Indicates the type of parameter value. Supported values are: `text` and `aws:ec2:image`"
+  default     = null
+}
+
+variable "overwrite" {
+  description = "Overwrite existing parameter values"
+  default     = false
+}
+
+variable "key_id" {
+  description = "KMS key id for encrypting SecureString type parameters"
+  default     = null
+}