amazon web services - Dynamically populate terraform string list from AWS SSM parameter - Stack Overflow

admin管理员组

文章数量:1037775

I have an SSM parameter of type StringList holding AWS account IDs, like

12345678910, 12345678911, 12345678912, ... etc

This is held as an SSM parameter because the list is updated by other processes (I won't go into that process here as it's slightly irrelevant, except to say for each terraform run the list could be slightly different each time - therefore not held statically in the tf code)

I have a data source in my root module defined as follows:

data "aws_ssm_parameter" "account_list" {
  name = "account_list"
}

Then populating a local like this:

accounts = [
  data.aws_ssm_parameter.account_list.value
]

This validates, but doesn't work, because the data is fetched as a single string like:

"12345678910, 12345678911, 12345678912"

So what happens is there is only one value in the list. I have tried with

split(",",data.aws_ssm_parameter.account_list.value) but this only serves to give me and error relating to string is expected

What I really want is the local value to be dynamically populated like

accounts = [
  "12345678910", 
  "12345678911", 
  "12345678912"
]

I'm obviously doing something wrong, and much googling has not led me to a solution.

Is this even possible? Should I not be using SSM parameter for this?

I have an SSM parameter of type StringList holding AWS account IDs, like

12345678910, 12345678911, 12345678912, ... etc

This is held as an SSM parameter because the list is updated by other processes (I won't go into that process here as it's slightly irrelevant, except to say for each terraform run the list could be slightly different each time - therefore not held statically in the tf code)

I have a data source in my root module defined as follows:

data "aws_ssm_parameter" "account_list" {
  name = "account_list"
}

Then populating a local like this:

accounts = [
  data.aws_ssm_parameter.account_list.value
]

This validates, but doesn't work, because the data is fetched as a single string like:

"12345678910, 12345678911, 12345678912"

So what happens is there is only one value in the list. I have tried with

split(",",data.aws_ssm_parameter.account_list.value) but this only serves to give me and error relating to string is expected

What I really want is the local value to be dynamically populated like

accounts = [
  "12345678910", 
  "12345678911", 
  "12345678912"
]

I'm obviously doing something wrong, and much googling has not led me to a solution.

Is this even possible? Should I not be using SSM parameter for this?

• amazon-web-services
• terraform
• terraform-provider-aws
• aws-ssm

Share Improve this question Follow edited Nov 18, 2024 at 13:41 Rui Jarimba 18.3k1111 gold badges6464 silver badges9898 bronze badges asked Nov 18, 2024 at 12:40 MolenpadMolenpad 1,05444 gold badges2121 silver badges4242 bronze badges 3

• 1 It would probably be a lot less prone to race conditions if you added the account id to the ssm parameter path. What value you store there then becomes a question of some redundancy. But it means you naturally get a set back when querying account/* and consumers can randomly add and delete without worrying about locking. – Chris Becke Commented Nov 18, 2024 at 12:50
• 1 What happens if you try split(",", tostring(data.aws_ssm_parameter.account_list.value))? – Rui Jarimba Commented Nov 18, 2024 at 13:45
• There is a lot that could be said here, but the most important question is how you are using the data elsewhere in the config as if the parameter is expecting a string type as you implied with "string is expected", then you cannot use your desired list(string) and will have to approach this differently. Please update the question with usage information. @ChrisBecke comment also very relevant. – Matthew Schuchard Commented Nov 18, 2024 at 13:56

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

As the documentation notes,

The data source is currently following the behavior of the SSM API to return a string value, regardless of parameter type. For type StringList, we can use the built-in split() function to get values in a list. Example: split(",", data.aws_ssm_parameter.subnets.value)

So you can use something like this to retrieve a list:

locals {
    accounts = split(",", data.aws_ssm_parameter.account_list.value)
}

Side note: AWS account IDs are usually considered sensitive, so beware that these values will be stored in state in unencrypted, plain-text format.

I have an SSM parameter of type StringList holding AWS account IDs, like

12345678910, 12345678911, 12345678912, ... etc

This is held as an SSM parameter because the list is updated by other processes (I won't go into that process here as it's slightly irrelevant, except to say for each terraform run the list could be slightly different each time - therefore not held statically in the tf code)

I have a data source in my root module defined as follows:

data "aws_ssm_parameter" "account_list" {
  name = "account_list"
}

Then populating a local like this:

accounts = [
  data.aws_ssm_parameter.account_list.value
]

This validates, but doesn't work, because the data is fetched as a single string like:

"12345678910, 12345678911, 12345678912"

So what happens is there is only one value in the list. I have tried with

split(",",data.aws_ssm_parameter.account_list.value) but this only serves to give me and error relating to string is expected

What I really want is the local value to be dynamically populated like

accounts = [
  "12345678910", 
  "12345678911", 
  "12345678912"
]

I'm obviously doing something wrong, and much googling has not led me to a solution.

Is this even possible? Should I not be using SSM parameter for this?

I have an SSM parameter of type StringList holding AWS account IDs, like

12345678910, 12345678911, 12345678912, ... etc

This is held as an SSM parameter because the list is updated by other processes (I won't go into that process here as it's slightly irrelevant, except to say for each terraform run the list could be slightly different each time - therefore not held statically in the tf code)

I have a data source in my root module defined as follows:

data "aws_ssm_parameter" "account_list" {
  name = "account_list"
}

Then populating a local like this:

accounts = [
  data.aws_ssm_parameter.account_list.value
]

This validates, but doesn't work, because the data is fetched as a single string like:

"12345678910, 12345678911, 12345678912"

So what happens is there is only one value in the list. I have tried with

split(",",data.aws_ssm_parameter.account_list.value) but this only serves to give me and error relating to string is expected

What I really want is the local value to be dynamically populated like

accounts = [
  "12345678910", 
  "12345678911", 
  "12345678912"
]

I'm obviously doing something wrong, and much googling has not led me to a solution.

Is this even possible? Should I not be using SSM parameter for this?

• amazon-web-services
• terraform
• terraform-provider-aws
• aws-ssm

Share Improve this question Follow edited Nov 18, 2024 at 13:41 Rui Jarimba 18.3k1111 gold badges6464 silver badges9898 bronze badges asked Nov 18, 2024 at 12:40 MolenpadMolenpad 1,05444 gold badges2121 silver badges4242 bronze badges 3

• 1 It would probably be a lot less prone to race conditions if you added the account id to the ssm parameter path. What value you store there then becomes a question of some redundancy. But it means you naturally get a set back when querying account/* and consumers can randomly add and delete without worrying about locking. – Chris Becke Commented Nov 18, 2024 at 12:50
• 1 What happens if you try split(",", tostring(data.aws_ssm_parameter.account_list.value))? – Rui Jarimba Commented Nov 18, 2024 at 13:45
• There is a lot that could be said here, but the most important question is how you are using the data elsewhere in the config as if the parameter is expecting a string type as you implied with "string is expected", then you cannot use your desired list(string) and will have to approach this differently. Please update the question with usage information. @ChrisBecke comment also very relevant. – Matthew Schuchard Commented Nov 18, 2024 at 13:56

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

As the documentation notes,

The data source is currently following the behavior of the SSM API to return a string value, regardless of parameter type. For type StringList, we can use the built-in split() function to get values in a list. Example: split(",", data.aws_ssm_parameter.subnets.value)

So you can use something like this to retrieve a list:

locals {
    accounts = split(",", data.aws_ssm_parameter.account_list.value)
}

Side note: AWS account IDs are usually considered sensitive, so beware that these values will be stored in state in unencrypted, plain-text format.

本文标签： amazon web servicesDynamically populate terraform string list from AWS SSM parameterStack Overflow