Provides an SSM Parameter resource.
resource "aws_ssm_parameter" "foo" {
name = "foo"
type = "String"
value = "bar"
}
resource "aws_db_instance" "default" {
allocated_storage = 10
storage_type = "gp2"
engine = "mysql"
engine_version = "5.7.16"
instance_class = "db.t2.micro"
db_name = "mydb"
username = "foo"
password = var.database_master_password
db_subnet_group_name = "my_database_subnet_group"
parameter_group_name = "default.mysql5.7"
}
resource "aws_ssm_parameter" "secret" {
name = "/production/database/password/master"
description = "The parameter description"
type = "SecureString"
value = var.database_master_password
tags = {
environment = "production"
}
}
The following arguments are required:
name
- (Required) Name of the parameter. If the name contains a path (e.g., any forward slashes (/
)), it must be fully qualified with a leading forward slash (/
). For additional requirements and constraints, see the AWS SSM User Guide.type
- (Required) Type of the parameter. Valid types are String
, StringList
and SecureString
.The following arguments are optional:
allowed_pattern
- (Optional) Regular expression used to validate the parameter value.data_type
- (Optional) Data type of the parameter. Valid values: text
, aws:ssm:integration
and aws:ec2:image
for AMI format, see the Native parameter support for Amazon Machine Image IDs.description
- (Optional) Description of the parameter.insecure_value
- (Optional, exactly one of value
or insecure_value
is required) Value of the parameter. Use caution: This value is _never_ marked as sensitive in the Terraform plan output. This argument is not valid with a type
of SecureString
.key_id
- (Optional) KMS key ID or ARN for encrypting a SecureString.overwrite
- (Optional, Deprecated) Overwrite an existing parameter. If not specified, defaults to false
if the resource has not been created by Terraform to avoid overwrite of existing resource, and will default to true
otherwise (Terraform lifecycle rules should then be used to manage the update behavior).tags
- (Optional) Map of tags to assign to the object. If configured with a provider default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.tier
- (Optional) Parameter tier to assign to the parameter. If not specified, will use the default parameter tier for the region. Valid tiers are Standard
, Advanced
, and Intelligent-Tiering
. Downgrading an Advanced
tier parameter to Standard
will recreate the resource. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.value
- (Optional, exactly one of value
or insecure_value
is required) Value of the parameter. This value is always marked as sensitive in the Terraform plan output, regardless of type
. In Terraform CLI version 0.15 and later, this may require additional configuration handling for certain scenarios. For more information, see the Terraform v0.15 Upgrade Guide.This resource exports the following attributes in addition to the arguments above:
arn
- ARN of the parameter.tags_all
- Map of tags assigned to the resource, including those inherited from the provider default_tags
configuration block.version
- Version of the parameter.In Terraform v1.5.0 and later, use an import
block to import SSM Parameters using the parameter store name
. For example:
import {
to = aws_ssm_parameter.my_param
id = "/my_path/my_paramname"
}
Using terraform import
, import SSM Parameters using the parameter store name
. For example:
% terraform import aws_ssm_parameter.my_param /my_path/my_paramname