TF is not reading the passowrod string from aws_ssm_parameter data resource

Terraform
1

Hi Terraform Team,

i’m trying to launch an aws RDS database with aws_ssm_parameter for the TF to read the password from SSM paramter store by following https://www.terraform.io/docs/providers/aws/r/ssm_parameter.html

I have uploaded the password value to the SSM parameter store using below command from awscli

aws ssm put-parameter --name "/test/sbx/database/PostgresPassword" --value "test_password" --type "SecureString"

Code:

variable "test_db_password" {
  description = "RDS database password"
}

resource "aws_db_instance" "test_db_test" {
  name                       = "${var.tenant}-${var.stack_name}-${var.app_environment}-db"
  allocated_storage          = "100"
  storage_type               = "gp2"
  engine                     = "postgres"
  engine_version             = "11.2"
  instance_class             = "db.t2.small"
  username                   = "test_db"
  password                   = "${var.test_db_password}"
  backup_retention_period    = "7"
  multi_az                   = false
  publicly_accessible        = false
  storage_encrypted          = true
  auto_minor_version_upgrade = false
  vpc_security_group_ids     = ["${aws_security_group.test_db_test.id}"]
  db_subnet_group_name       = "${aws_db_subnet_group.test_db_test.id}"
  parameter_group_name       = "postgres11"
  skip_final_snapshot        = "true"
}

resource "aws_ssm_parameter" "secret" {
  name = "/test/sbx/database/PostgresPassword"
  description = "Postgres database password"
  type = "SecureString"
  value = "${var.test_db_password}"
}

on TF plan it gives me below error

 var.test_db_password
  RDS database password

  Enter a value: 
var.test_db_password
  RDS database password

  Enter a value: 
var.test_db_password
  RDS database password

  Enter a value: 
var.test_db_password
  RDS database password

  Enter a value: 
Releasing state lock. This may take a few moments...

Error: Error asking for user input: missing required value for "test_db_password"

Could you please suggest how to resolve this? Why the TF is not reading the password.

I also tried like below with “data” resource to read the password from ssm paramter store, but it gave me the same error for missing required value for “test_db_password”

data “aws_ssm_parameter” “secret” {
name = “/test/sbx/database/PostgresPassword”
description = “Postgres database password”
type = “SecureString”
value = “${var.test_db_password}”
}

Request you to please suggest how to resolve for TF to read the value of “test_db_password”