Flaconi · Engerim · Nov 29, 2024 · Nov 29, 2024
@@ -1 +1 @@
-* @Flaconi/devops
+* @Flaconi/devops @Flaconi/ci @Flaconi/platform
@@ -7,3 +7,6 @@ updates:
       day: monday
       time: "08:00"
       timezone: Europe/Berlin
+  - package-ecosystem: "terraform"
+    schedule:
+      interval: "weekly"
@@ -0,0 +1,9 @@
+---
+name: Dependabot auto-merge
+
+on: pull_request
+
+jobs:
+  auto-merge:
+    uses: Flaconi/github-actions/.github/workflows/auto-merge.yml@v1
+    secrets: inherit
@@ -1,20 +1,12 @@
+---
 name: Release Drafter
 
 on:
   push:
     branches:
       - master
 
-permissions:
-  contents: read
-
 jobs:
   update_release_draft:
-    permissions:
-      contents: write
-      pull-requests: read
-    runs-on: ubuntu-latest
-    steps:
-      - uses: release-drafter/release-drafter@v6
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    uses: Flaconi/github-actions/.github/workflows/release-drafter.yml@v1
+    secrets: inherit
@@ -1,10 +1,11 @@
-# terraform-module-template
-Template for Terraform modules
+# terraform-aws-ssm-secrets
+
+Wrapper to store ssm parameters and also the same values as a secret in secrets manager.
 
 <!-- Uncomment and replace with your module name
-[![lint](https://github.com/flaconi/<MODULENAME>/workflows/lint/badge.svg)](https://github.com/flaconi/<MODULENAME>/actions?query=workflow%3Alint)
-[![test](https://github.com/flaconi/<MODULENAME>/workflows/test/badge.svg)](https://github.com/flaconi/<MODULENAME>/actions?query=workflow%3Atest)
-[![Tag](https://img.shields.io/github/tag/flaconi/<MODULENAME>.svg)](https://github.com/flaconi/<MODULENAME>/releases)
+[![lint](https://github.com/flaconi/terraform-aws-ssm-secrets/workflows/lint/badge.svg)](https://github.com/flaconi/terraform-aws-ssm-secrets/actions?query=workflow%3Alint)
+[![test](https://github.com/flaconi/terraform-aws-ssm-secrets/workflows/test/badge.svg)](https://github.com/flaconi/terraform-aws-ssm-secrets/actions?query=workflow%3Atest)
+[![Tag](https://img.shields.io/github/tag/flaconi/terraform-aws-ssm-secrets.svg)](https://github.com/flaconi/terraform-aws-ssm-secrets/releases)
 -->
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 
@@ -27,7 +28,8 @@ No providers.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | ~> 1.3 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.5 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.29 |
 
 <!-- TFDOCS_REQUIREMENTS_END -->
 
@@ -38,19 +40,61 @@ No required inputs.
 
 ## Optional Inputs
 
-No optional inputs.
+The following input variables are optional (have default values):
+
+### <a name="input_tags"></a> [tags](#input\_tags)
+
+Description: Tags applied to the resources
+
+Type: `map(string)`
+
+Default: `{}`
+
+### <a name="input_kms_alias"></a> [kms\_alias](#input\_kms\_alias)
+
+Description: kms\_alias sets the kms alias used for SecureString
+
+Type: `string`
+
+Default: `"alias/aws/ssm"`
+
+### <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix)
+
+Description: name\_prefix prefixes the given name with a prefix
+
+Type: `string`
+
+Default: `""`
+
+### <a name="input_parameters"></a> [parameters](#input\_parameters)
+
+Description: A list of dicts with parameter information
+
+Type:
+
+```hcl
+list(object({
+    name  = string
+    type  = optional(string, "SecureString") # String, StringList or SecureString
+    value = string
+  }))
+```
+
+Default: `[]`
 
 <!-- TFDOCS_INPUTS_END -->
 
 <!-- TFDOCS_OUTPUTS_START -->
 ## Outputs
 
-No outputs.
+| Name | Description |
+|------|-------------|
+| <a name="output_parameter_arns"></a> [parameter\_arns](#output\_parameter\_arns) | Map of parameter name and arn |
 
 <!-- TFDOCS_OUTPUTS_END -->
 
 ## License
 
 **[MIT License](LICENSE)**
 
-Copyright (c) 2023 **[Flaconi GmbH](https://github.com/flaconi)**
+Copyright (c) 2024 **[Flaconi GmbH](https://github.com/flaconi)**
@@ -0,0 +1,26 @@
+moved {
+  from = aws_ssm_parameter.this
+  to   = module.ssm.aws_ssm_parameter.this
+}
+
+module "ssm" {
+  source = "github.com/Flaconi/terraform-aws-ssm-store?ref=v1.2.0"
+
+  tags        = var.tags
+  kms_alias   = var.kms_alias
+  name_prefix = var.name_prefix
+  parameters  = var.parameters
+}
+
+module "secrets" {
+  source = "github.com/terraform-aws-modules/terraform-aws-secrets-manager?ref=v1.1.2"
+
+  tags = var.tags
+
+  kms_key_id = "alias/aws/secretsmanager"
+
+  name        = trimsuffix(var.name_prefix, "/")
+  description = "Secrets for the ${var.tags.Project} application"
+
+  secret_string = jsonencode({ for parameter in var.parameters : parameter.name => parameter.value })
+}
@@ -0,0 +1,4 @@
+output "parameter_arns" {
+  description = "Map of parameter name and arn"
+  value       = module.ssm.parameter_arns
+}
@@ -0,0 +1,27 @@
+variable "tags" {
+  description = "Tags applied to the resources"
+  type        = map(string)
+  default     = {}
+}
+
+variable "kms_alias" {
+  description = "kms_alias sets the kms alias used for SecureString"
+  type        = string
+  default     = "alias/aws/ssm"
+}
+
+variable "name_prefix" {
+  description = "name_prefix prefixes the given name with a prefix"
+  type        = string
+  default     = ""
+}
+
+variable "parameters" {
+  description = "A list of dicts with parameter information"
+  type = list(object({
+    name  = string
+    type  = optional(string, "SecureString") # String, StringList or SecureString
+    value = string
+  }))
+  default = []
+}
@@ -1,3 +1,10 @@
 terraform {
-  required_version = "~> 1.3"
+  required_version = ">= 1.5"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 4.29"
+    }
+  }
 }
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		* @Flaconi/devops
		* @Flaconi/devops @Flaconi/ci @Flaconi/platform