Parameter Store

We use AWS Systems Manager Parameter Store to centrally store values that can be used by services and functions.

Steps

flowchart LR
  A[1. Create a new parameter]
  B[2. Update value of parameter];
  C[3. Use parameter]
  A --> B --> C

Step 1: Create a new parameter

Edit the parameters-property of the SSM Parameter Store module.

In this example, we add a new parameter named SvarUt/BaseUrl:

ssm.tf
1
2
3
4
5
6
7
8
9
module "ssm_parameters" {
  source           = "git@github.com:BYM-IKT/terraform-aws-ssm-parameters-secure.git?ref=v2"
  application_name = var.application_name
  environment      = var.environment
  parameters = [
    ...
    "SvarUt/BaseUrl",
  ]
}

Create a Pull Request to Terraform apply this change.

Note that parameters created by this module are prefixed with ${environment}/${application_name}/. In this example, the resulting parameter will therefore have the name: test/kattehotell/SvarUt/BaseUrl.

Step 2: Update value of parameter

  1. Log in to the AWS Account's console: https://bymoslo.awsapps.com/start
  2. Navigate to AWS Systems Manager > Parameter Store.
  3. Navigate to the parameter you just created (e.g. in this example test/kattehotell/SvarUt/BaseUrl).
  4. Click Edit.
  5. Update the value and press Save Changes.

Step 3: Use the parameter in application

ECS Fargate

To use this parameter in an existing Fargate, add a new entry in ssm_secrets that references to the ARN of the parameter you've created.

main.tf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
module "application" {
  source = "git@github.com:BYM-IKT/terraform-byks-module.git"
  ...
  ecs_services = {
    kattehotell-service = {
      ...
      ssm_secrets = {
        ...
        SVARUT_BASEURL = module.ssm_parameters.parameters_arn["SvarUt/BaseUrl"]
      }
    }
  }
}
Create a Pull Request to Terraform apply this change.

After this change has been applied, the parameter value will be available as an environment variable. In this example, the parameter value will be reachable under the environment variable SVARUT_BASEURL.

AWS Lambda Function

To use this parameter in an existing Lambda Function, we have to retrieve the parameter value by using the data source aws_ssm_parameter, and feed its output to environment_variables:

main.tf
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
data "aws_ssm_parameter" "this" {
  for_each  = module.ssm_parameters.parameters_arn
  secret_id = each.value
}

module "application" {
  source = "git@github.com:BYM-IKT/terraform-byks-module.git"
  ...
  lambda_functions = {
    kattehotell-booking = {
      ...
      environment_variables = {
        ...
        SVARUT_BASEURL = data.aws_ssm_parameter.this["SvarUt/BaseUrl"].value
      }
    }
  }
}

Note

In some Terraform projects we have more than one SSM Parameter Store module. In such cases, you should create a data source per module, i.e.: 

data "aws_ssm_parameter" "collection_1" {
  for_each  = module.ssm_parameters_1.parameters_arn
  secret_id = each.value
}

data "aws_ssm_parameter" "collection_2" {
  for_each  = module.ssm_parameters_2.parameters_arn
  secret_id = each.value
}

Create a Pull Request to Terraform apply this change.

After this change has been applied, the parameter value will be available as an environment variable. In this example, the parameter value will be reachable under the environment variable SVARUT_BASEURL.