Hi Terraform Team,
i’m trying to launch an aws RDS database with aws_ssm_parameter
for the TF to read the password from SSM paramter store by following https://www.terraform.io/docs/providers/aws/r/ssm_parameter.html
I have uploaded the password value to the SSM parameter store using below command from awscli
aws ssm put-parameter --name "/test/sbx/database/PostgresPassword" --value "test_password" --type "SecureString"
Code:
variable "test_db_password" {
description = "RDS database password"
}
resource "aws_db_instance" "test_db_test" {
name = "${var.tenant}-${var.stack_name}-${var.app_environment}-db"
allocated_storage = "100"
storage_type = "gp2"
engine = "postgres"
engine_version = "11.2"
instance_class = "db.t2.small"
username = "test_db"
password = "${var.test_db_password}"
backup_retention_period = "7"
multi_az = false
publicly_accessible = false
storage_encrypted = true
auto_minor_version_upgrade = false
vpc_security_group_ids = ["${aws_security_group.test_db_test.id}"]
db_subnet_group_name = "${aws_db_subnet_group.test_db_test.id}"
parameter_group_name = "postgres11"
skip_final_snapshot = "true"
}
resource "aws_ssm_parameter" "secret" {
name = "/test/sbx/database/PostgresPassword"
description = "Postgres database password"
type = "SecureString"
value = "${var.test_db_password}"
}
on TF plan it gives me below error
var.test_db_password
RDS database password
Enter a value:
var.test_db_password
RDS database password
Enter a value:
var.test_db_password
RDS database password
Enter a value:
var.test_db_password
RDS database password
Enter a value:
Releasing state lock. This may take a few moments...
Error: Error asking for user input: missing required value for "test_db_password"
Could you please suggest how to resolve this? Why the TF is not reading the password.
I also tried like below with “data” resource to read the password from ssm paramter store, but it gave me the same error for missing required value for “test_db_password”
data “aws_ssm_parameter” “secret” {
name = “/test/sbx/database/PostgresPassword”
description = “Postgres database password”
type = “SecureString”
value = “${var.test_db_password}”
}
Request you to please suggest how to resolve for TF to read the value of “test_db_password”