I am planning a root module that includes an RDS, a parameter group and so forth.
The config for the parameter group is more or less:
resource "aws_db_parameter_group" "my-pg-postgres-12-3" {
  provider = aws.us_east_1
  name     = "my-pg-postgres-12-3"
  family   = "postgres12"

  parameter {
    name         = "application_name"
    value        = "psql non-interactive"
    apply_method = "immediate"
  }

  parameter {
    name         = "autovacuum"
    value        = 1
    apply_method = "immediate"
  }

  // many more parameters following...
}
I am running terraform plan -out planfile and then terraform show --json planfile.
I noticed the following in the JSON representation of my parameter group:
{
  "address": "aws_db_parameter_group.production-my-postgres-12-3",
  "mode": "managed",
  "type": "aws_db_parameter_group",
  "name": "production-my-postgres-12-3",
  "provider_name": "registry.terraform.io/hashicorp/aws",
  "schema_version": 0,
  "values": {
    "description": "Managed by Terraform",
    "family": "postgres9.6",
    "name": "production-my-postgres-9-6",
    "parameter": [
      {
        "apply_method": "immediate",
        "name": "application_name",
        "value": "psql non-interactive"
      },
      {
        "apply_method": "immediate",
        "name": "autovacuum",
        "value": "1"
      },
      {
        "apply_method": "immediate",
        "name": "lc_messages",
        "value": "en_US.UTF-8"
      },
      {
        "apply_method": "immediate",
        "name": "lc_monetary",
        "value": "en_US.UTF-8"
      },
      {
        "apply_method": "immediate",
        "name": "lc_numeric",
        "value": "en_US.UTF-8"
      },
      {
        "apply_method": "immediate",
        "name": "lc_time",
        "value": "en_US.UTF-8"
      },
      {
        "apply_method": "immediate",
        "name": "log_autovacuum_min_duration",
        "value": "30000"
      },
      {
        "apply_method": "immediate",
        "name": "log_connections",
        "value": "1"
      },
      {
        "apply_method": "immediate",
        "name": "log_lock_waits",
        "value": "true"
      },
      {
        "apply_method": "immediate",
        "name": "log_min_duration_statement",
        "value": "2000"
      },
      {
        "apply_method": "immediate",
        "name": "log_temp_files",
        "value": "10240"
      },
      {
        "apply_method": "immediate",
        "name": "maintenance_work_mem",
        "value": "2147483647"
      },
      {
        "apply_method": "immediate",
        "name": "max_parallel_workers_per_gather",
        "value": "3"
      },
      {
        "apply_method": "immediate",
        "name": "max_standby_archive_delay",
        "value": "36000000"
      },
      {
        "apply_method": "immediate",
        "name": "max_standby_streaming_delay",
        "value": "36000000"
      },
      {
        "apply_method": "immediate",
        "name": "wal_keep_segments",
        "value": "64"
      },
      {
        "apply_method": "immediate",
        "name": "work_mem",
        "value": "122000000"
      },
      {
        "apply_method": "pending-reboot",
        "name": "max_connections",
        "value": "500"
      },
      {
        "apply_method": "pending-reboot",
        "name": "max_replication_slots",
        "value": "20"
      },
      {
        "apply_method": "pending-reboot",
        "name": "max_worker_processes",
        "value": "20"
      },
      {
        "apply_method": "pending-reboot",
        "name": "rds.force_ssl",
        "value": "false"
      },
      {
        "apply_method": "pending-reboot",
        "name": "shared_preload_libraries",
        "value": "pg_stat_statements"
      }
    ],
    "tags": {
      "Provisioner": "Terraform"
    },
    "tags_all": {
      "Provisioner": "Terraform"
    }
  },
  "sensitive_values": {
    "parameter": [
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {},
      {}
    ],
    "tags": {},
    "tags_all": {}
  }
},
Why is there an array sensitive_values with so many entries?
How does this field work?
In my rds declaration (where there is nothing sensitive either) I see the following:
"sensitive_values": {
  "replicas": [],
  "restore_to_point_in_time": [],
  "s3_import": [],
  "tags": {},
  "tags_all": {},
  "vpc_security_group_ids": []
}
What is the rationale behind the construction of this field?
(I didn’t state as sensitive e.g. the s3_import nor the replicas fields etc.)
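
The structure shown in the question, as an added example that is not part of the original post: in Terraform's JSON output, sensitive_values has the same shape as values, with `true` in place of each sensitive leaf and non-sensitive leaves omitted, so one `{}` per parameter block means nothing inside that block is sensitive. The sample resource, its `password` attribute and the helper names `sensitive_paths` and `redact` are constructed for illustration.

```python
import json

# Constructed sample shaped like one resource from `terraform show -json planfile`.
# The "password" attribute and its `true` marker are assumptions for illustration.
SAMPLE = json.loads("""
{
  "address": "example_db.constructed",
  "values": {
    "password": "constructed-secret",
    "tags": {"Provisioner": "Terraform"},
    "parameter": [
      {"apply_method": "immediate", "name": "log_connections", "value": "1"},
      {"apply_method": "pending-reboot", "name": "rds.force_ssl", "value": "false"}
    ]
  },
  "sensitive_values": {"password": true, "tags": {}, "parameter": [{}, {}]}
}
""")


def sensitive_paths(mask, prefix=""):
    """List the paths of leaves flagged `true` in a sensitive_values tree."""
    if mask is True:
        return [prefix]
    paths = []
    if isinstance(mask, dict):
        for key, sub in mask.items():
            paths += sensitive_paths(sub, f"{prefix}.{key}" if prefix else key)
    elif isinstance(mask, list):
        for i, sub in enumerate(mask):
            paths += sensitive_paths(sub, f"{prefix}[{i}]")
    return paths


def redact(values, mask):
    """Copy `values`, replacing whatever the mask flags with a placeholder."""
    if mask is True:  # a flagged leaf, or a collection that is sensitive as a whole
        return "(sensitive)"
    if isinstance(values, dict) and isinstance(mask, dict):
        return {k: redact(v, mask.get(k)) for k, v in values.items()}
    if isinstance(values, list) and isinstance(mask, list):
        return [redact(v, mask[i] if i < len(mask) else None)
                for i, v in enumerate(values)]
    return values  # no marker at this position: not sensitive


if __name__ == "__main__":
    print(sensitive_paths(SAMPLE["sensitive_values"]))
    print(json.dumps(redact(SAMPLE["values"], SAMPLE["sensitive_values"]), indent=2))
```

Running `redact` over plan JSON before it is stored in CI logs or attached to a ticket keeps flagged values out of those copies while leaving the rest of the plan reviewable.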