Retrieving data values - is this a bug in cdktf?

jnfrmarks · August 24, 2020, 3:12pm

Howdy!

I’m creating an RDS Cluster. One step in my code is to create the RDS username and password. These values are stored in the AWS parameter store. If I need to modify the cluster, the username and password are recreated when I run terraform apply. To resolve this I want to update my code to only create the username and password if the values are not set in the parameter store. When I call DataAwsSsmParameter () to get the value, terraform apply fails on the initial RDS cluster creation because the values are not yet set in the parameter store. Should this work? Any suggestions on other ways to retrieve the values? I tried getting the values from the remote state file but couldn’t get it working (a full example here would be great!)

Thanks again,
Jennifer

jnfrmarks · August 25, 2020, 12:54pm

Here’s a sample of the code that I’m trying to get working:

let keyLocation = `/${ssmRoot}/indexer/rds/masterLogin`
rdsUsername = "root"

new aws.SsmParameter(scope, "-ssm-1", {
  type: "String",
  name: keyLocation,
  value: rdsUsername,
  overwrite: false
})

keyLocation = `/${ssmRoot}/indexer/rds/masterLogin`
let ssm = new aws.DataAwsSsmParameter(scope, '-get-db-login', {
  name: keyLocation
});
rdsUsername = ssm.value

terraform apply fails with:

Error: Error describing SSM parameter: ParameterNotFound: 

  on cdk.tf.json line 415, in data.aws_ssm_parameter.tfRdsCluster_getdblogin_A0781F06:
 415:       },

skorfmann · August 25, 2020, 1:10pm

I think that the data resource is resolved before the parameter is actually created. While this might work by accident in an existing setup, this will always fail for the initial roll out.

In your example you have the username in rdsUsername - why not just use that value directly?

jsteinich · August 25, 2020, 1:12pm

I believe when overwrite is false the existing value will be retained, but I haven’t used it personally.

You could also try using lifecycle rules to force Terraform to leave the value alone.

This would mean just using a resource always and not the data source.

jnfrmarks · August 25, 2020, 1:18pm

The initial rollout failure is expected - poop

I need to retrieve the value, if it exists, on any rerun of the cdktf code. Any suggestions on how to do that?