feat(aws-docdb-cluster): enable the ssm parameter store to record the… #77
Conversation
|
@haidargit i think you should use this module instead of the resource |
variables.tf
Outdated
| variable "ssm_parameter_type" { | ||
| type = string | ||
| default = "SecureString" | ||
| description = "Type of the ssm parameter. Valid types are String, StringList and SecureString." | ||
| } |
There was a problem hiding this comment.
Probably doesn't need to be a variable, it should not be allowed to store as String
There was a problem hiding this comment.
okay, will store it as String for the default on this resource. thank you @kevcube
variables.tf
Outdated
| variable "ssm_parameter_enabled" { | ||
| type = bool | ||
| default = false | ||
| description = "Whether an SSM parameter store value is created to store the key's private key pem." |
There was a problem hiding this comment.
| description = "Whether an SSM parameter store value is created to store the key's private key pem." | |
| description = "Whether an SSM parameter store value is created to store the database password." |
There was a problem hiding this comment.
okay @kevcube, i will fix it
haidargit
force-pushed
the
feature/enable-ssm-parameter-for-storing-master-password
branch
from
6808854 to
8fae0e8
Compare
|
Hi @kevcube, i have updated the PR to add the changes, kindly review the code. Thank you |
haidargit
force-pushed
the
feature/enable-ssm-parameter-for-storing-master-password
branch
from
8fae0e8 to
ff71709
Compare
main.tf
Outdated
| { | ||
| name = format("%s%s", var.ssm_parameter_path_prefix, module.this.id) | ||
| value = var.master_password != "" ? var.master_password : random_password.password[0].result | ||
| type = "String" |
main.tf
Outdated
| @@ -152,3 +152,20 @@ module "dns_replicas" { | |||
|
|
|||
| context = module.this.context | |||
| } | |||
|
|
|||
| module "ssm_parameter_store" { | |||
There was a problem hiding this comment.
| module "ssm_parameter_store" { | |
| module "ssm_write_db_password" { |
variables.tf
Outdated
| variable "ssm_parameter_description" { | ||
| type = string | ||
| default = "documentdb cluster master_password" | ||
| description = "Description of the parameter" | ||
| } |
There was a problem hiding this comment.
| variable "ssm_parameter_description" { | |
| type = string | |
| default = "documentdb cluster master_password" | |
| description = "Description of the parameter" | |
| } |
There was a problem hiding this comment.
too generic. let's just hardcode description based on cluster's name.
main.tf
Outdated
| name = format("%s%s", var.ssm_parameter_path_prefix, module.this.id) | ||
| value = var.master_password != "" ? var.master_password : random_password.password[0].result | ||
| type = "String" | ||
| description = var.ssm_parameter_description |
There was a problem hiding this comment.
Master password for module.this.id DocumentDB cluster
description = "Master password for ${module.this.id} DocumentDB cluster"
ff71709 to
afff05a
Compare
|
Could you help review again, @kevcube ? i have added the changes. Thanks |
|
@haidargit see failing checks. Delete your |
haidargit
force-pushed
the
feature/enable-ssm-parameter-for-storing-master-password
branch
from
afff05a to
93eebc5
Compare
haidargit
force-pushed
the
feature/enable-ssm-parameter-for-storing-master-password
branch
from
93eebc5 to
52840fd
Compare
|
Thanks @kevcube! i have removed the lock files and updated the readme. |
|
/terratest |
|
Thanks Cloud Posse, @kevcube !! |
what
In this PR, we can use the Cloud Posse ssm parameter store module to store the documentdb master_password information.
why
The objective behind this PR is to ensure the secure distribution of the docdb cluster's master password within the AWS infrastructure. We can centrally manage and protect sensitive information, increasing operational efficiency.
references
No issue relates to the current improvement.
I have run these required commands.
make initmake readmeKindly review this PR for documentdb module improvements. Thank you, Cloud Posse Team!