-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathssm.tf
92 lines (71 loc) · 2.15 KB
/
ssm.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
resource "aws_kms_key" "kong" {
description = "${var.service}/${var.environment}"
tags = "${merge(
map("Name", format("%s-%s", var.service, var.environment)),
map("Environment", var.environment),
map("Description", var.description),
map("Service", var.service),
var.tags
)}"
}
resource "aws_kms_alias" "kong" {
name = "alias/${var.service}-${var.environment}"
target_key_id = "${aws_kms_key.kong.key_id}"
}
resource "aws_ssm_parameter" "ee-bintray-auth" {
name = "/${var.service}/${var.environment}/ee/bintray-auth"
type = "SecureString"
value = "placeholder"
key_id = "${aws_kms_alias.kong.target_key_arn}"
lifecycle {
ignore_changes = ["value"]
}
}
resource "aws_ssm_parameter" "ee-license" {
name = "/${var.service}/${var.environment}/ee/license"
type = "SecureString"
value = "placeholder"
key_id = "${aws_kms_alias.kong.target_key_arn}"
lifecycle {
ignore_changes = ["value"]
}
}
resource "aws_ssm_parameter" "ee-admin-token" {
name = "/${var.service}/${var.environment}/ee/admin/token"
type = "SecureString"
value = "zg-kong-2-1"
key_id = "${aws_kms_alias.kong.target_key_arn}"
lifecycle {
ignore_changes = ["value"]
}
}
resource "aws_ssm_parameter" "db-host" {
name = "/${var.service}/${var.environment}/db/host"
type = "String"
value = "${coalesce(join("", aws_rds_cluster.kong.*.endpoint), var.db_host)}"
}
resource "aws_ssm_parameter" "db-name" {
name = "/${var.service}/${var.environment}/db/name"
type = "String"
value = "${replace(format("%s_%s", var.service, var.environment), "-", "_")}"
}
resource "aws_ssm_parameter" "db-password" {
name = "/${var.service}/${var.environment}/db/password"
type = "SecureString"
value = "placeholder"
key_id = "${aws_kms_alias.kong.target_key_arn}"
lifecycle {
ignore_changes = ["value"]
}
overwrite = true
}
resource "aws_ssm_parameter" "db-master-password" {
name = "/${var.service}/${var.environment}/db/password/master"
type = "SecureString"
value = "${var.db_password}"
key_id = "${aws_kms_alias.kong.target_key_arn}"
lifecycle {
ignore_changes = ["value"]
}
overwrite = true
}