feat: map ssm_path with ssm version and detect changes of ssm parameter store's version (#7)

kandarpdave3 · web-flow · commit 0a5eebb1eeae · 2024-08-02T12:02:47.000+05:30
* feat: map ssm_path with ssm version and detect changes of ssm parameter store's version

* feat: code refactorization
diff --git a/data.tf b/data.tf
@@ -9,6 +9,22 @@ data "aws_kms_alias" "ssm" {
   name = var.ssm_kms_alias
 }
 
+data "aws_ssm_parameter" "secret_env_vars" {
+  for_each = var.secret_environment_variables
+  name     = "${var.parameter_path_prefix}/${each.value}"
+}
+
+## Create map of "parameter_name => parameter_version" to detect the change of parameter's value
+resource "null_resource" "parameter_version_check" {
+  triggers = {
+    ssm_versions = jsonencode(
+      {
+        for parameter in data.aws_ssm_parameter.secret_env_vars : parameter.name => parameter.version
+      }
+    )
+  }
+}
+
 locals {
   aws_partition   = data.aws_partition.current.partition
   account_id      = data.aws_caller_identity.current.account_id
@@ -24,7 +40,7 @@ locals {
   secret_environment_variables = flatten([
     for name, valueFrom in var.secret_environment_variables : {
       name      = name
-      valueFrom = "${var.parameter_path_prefix}/${valueFrom}"
+      valueFrom = data.aws_ssm_parameter.secret_env_vars[name].name
     }
   ])
 }
diff --git a/main.tf b/main.tf
@@ -42,4 +42,11 @@ resource "aws_ecs_task_definition" "task" {
       }
     ]
   )
+
+  ## The resource will be restarted if null resource restarts 
+  lifecycle {
+    replace_triggered_by = [
+      null_resource.parameter_version_check
+    ]
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -42,4 +42,11 @@ resource "aws_ecs_task_definition" "task" {`
`42`	`42`	`}`
`43`	`43`	`]`
`44`	`44`	`)`
	`45`	`+`
	`46`	`+ ## The resource will be restarted if null resource restarts`
	`47`	`+ lifecycle {`
	`48`	`+ replace_triggered_by = [`
	`49`	`+ null_resource.parameter_version_check`
	`50`	`+ ]`
	`51`	`+ }`
`45`	`52`	`}`