Module: ssm_parameter
Manages creation and referencing of SSM Parameter Store parameters (String / SecureString) used for control flags and credentials.
Input Map Key Pattern
Root variable: ssm_parameters (map of objects). Each key produces either a created or referenced parameter.
| Field | Type | Default | Description |
|---|---|---|---|
| name | string | generated | Final parameter name; if omitted, derived from key with prefix/suffix |
| type | string | SecureString | Parameter type (String, SecureString) |
| value | string | null | Value to set (ignored if existing=true) |
| description | string | null | Description |
| key_id | string | null | KMS key id/arn for SecureString |
| overwrite | bool | true | Allow overwriting existing value on create |
| tier | string | Standard | Parameter tier |
| allowed_pattern | string | null | Regex validation pattern |
| existing | bool | false | If true, reference only (data source) |
| tags | map(string) | {} | Extra tags |
Behavior
- Uses
for_eachkeyed by input map keys for order independence. - Separates sensitive
valuefrom metadata to avoid for_each sensitivity issues. existing = true: looked up viadata.aws_ssm_parameter.- Created parameters ignore future
valuedrift:lifecycle { ignore_changes = [value] }.
Example
ssm_parameters = {
client_system_status = {
name = "/client_systems/ire/status"
description = "Current status of IRE Client Systems"
type = "String"
value = "Inactive"
tier = "Standard"
tags = {
Environment = "IRE"
Purpose = "DR Client System Status Control"
}
},
smtp_user_password = {
name = "/infra/smtp/password"
existing = true # Already provisioned outside Terraform
}
}