Corrections to dms components (#658)

milldr · aknysh · web-flow · commit f7a75efa0585 · 2023-05-22T11:39:44.000-07:00
Co-authored-by: Andriy Knysh &lt;aknysh@users.noreply.github.com&gt;
diff --git a/modules/dms/endpoint/README.md b/modules/dms/endpoint/README.md
@@ -74,12 +74,14 @@ components:
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
 | <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.26.0 |
 
 ## Providers
 
-No providers.
+| Name | Version |
+|------|---------|
+| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 4.26.0 |
 
 ## Modules
 
@@ -91,7 +93,10 @@ No providers.
 
 ## Resources
 
-No resources.
+| Name | Type |
+|------|------|
+| [aws_ssm_parameter.password](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
+| [aws_ssm_parameter.username](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 
 ## Inputs
 
@@ -123,7 +128,8 @@ No resources.
 | <a name="input_mongodb_settings"></a> [mongodb\_settings](#input\_mongodb\_settings) | Configuration block for MongoDB settings | `map(any)` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.<br>This is the only ID element not also included as a `tag`.<br>The "name" tag is set to the full `id` string. There is no tag with the value of the `name` input. | `string` | `null` | no |
 | <a name="input_namespace"></a> [namespace](#input\_namespace) | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique | `string` | `null` | no |
-| <a name="input_password"></a> [password](#input\_password) | Password to be used to login to the endpoint database | `string` | `null` | no |
+| <a name="input_password"></a> [password](#input\_password) | Password to be used to login to the endpoint database | `string` | `""` | no |
+| <a name="input_password_path"></a> [password\_path](#input\_password\_path) | If set, the path in AWS SSM Parameter Store to fetch the password for the DMS admin user | `string` | `""` | no |
 | <a name="input_port"></a> [port](#input\_port) | Port used by the endpoint database | `number` | `null` | no |
 | <a name="input_redshift_settings"></a> [redshift\_settings](#input\_redshift\_settings) | Configuration block for Redshift settings | `map(any)` | `null` | no |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br>Characters matching the regex will be removed from the ID elements.<br>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
@@ -137,7 +143,8 @@ No resources.
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
-| <a name="input_username"></a> [username](#input\_username) | User name to be used to login to the endpoint database | `string` | `null` | no |
+| <a name="input_username"></a> [username](#input\_username) | User name to be used to login to the endpoint database | `string` | `""` | no |
+| <a name="input_username_path"></a> [username\_path](#input\_username\_path) | If set, the path in AWS SSM Parameter Store to fetch the username for the DMS admin user | `string` | `""` | no |
 
 ## Outputs
 
diff --git a/modules/dms/endpoint/main.tf b/modules/dms/endpoint/main.tf
@@ -1,3 +1,18 @@
+locals {
+  fetch_username = !(length(var.username) > 0) && (length(var.username_path) > 0) ? true : false
+  fetch_password = !(length(var.password) > 0) && (length(var.password_path) > 0) ? true : false
+}
+
+data "aws_ssm_parameter" "username" {
+  count = local.fetch_username ? 1 : 0
+  name  = var.username_path
+}
+
+data "aws_ssm_parameter" "password" {
+  count = local.fetch_password ? 1 : 0
+  name  = var.password_path
+}
+
 module "dms_endpoint" {
   source  = "cloudposse/dms/aws//modules/dms-endpoint"
   version = "0.1.1"
@@ -7,15 +22,15 @@ module "dms_endpoint" {
   kms_key_arn                     = var.kms_key_arn
   certificate_arn                 = var.certificate_arn
   database_name                   = var.database_name
-  password                        = var.password
   port                            = var.port
   extra_connection_attributes     = var.extra_connection_attributes
   secrets_manager_access_role_arn = var.secrets_manager_access_role_arn
   secrets_manager_arn             = var.secrets_manager_arn
   server_name                     = var.server_name
   service_access_role             = var.service_access_role
   ssl_mode                        = var.ssl_mode
-  username                        = var.username
+  username                        = local.fetch_username ? data.aws_ssm_parameter.username[0].value : var.username
+  password                        = local.fetch_password ? data.aws_ssm_parameter.password[0].value : var.password
   elasticsearch_settings          = var.elasticsearch_settings
   kafka_settings                  = var.kafka_settings
   kinesis_settings                = var.kinesis_settings
diff --git a/modules/dms/endpoint/variables.tf b/modules/dms/endpoint/variables.tf
@@ -34,7 +34,7 @@ variable "database_name" {
 variable "password" {
   type        = string
   description = "Password to be used to login to the endpoint database"
-  default     = null
+  default     = ""
 }
 
 variable "port" {
@@ -82,7 +82,7 @@ variable "ssl_mode" {
 variable "username" {
   type        = string
   description = "User name to be used to login to the endpoint database"
-  default     = null
+  default     = ""
 }
 
 variable "elasticsearch_settings" {
@@ -120,3 +120,16 @@ variable "s3_settings" {
   description = "Configuration block for S3 settings"
   default     = null
 }
+
+variable "username_path" {
+  type        = string
+  description = "If set, the path in AWS SSM Parameter Store to fetch the username for the DMS admin user"
+  default     = ""
+}
+
+variable "password_path" {
+  type        = string
+  description = "If set, the path in AWS SSM Parameter Store to fetch the password for the DMS admin user"
+  default     = ""
+}
+
diff --git a/modules/dms/endpoint/versions.tf b/modules/dms/endpoint/versions.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.2.0"
+  required_version = ">= 1.0"
 
   required_providers {
     aws = {
diff --git a/modules/dms/iam/README.md b/modules/dms/iam/README.md
@@ -29,8 +29,7 @@ components:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0 |
-| <a name="requirement_source"></a> [source](#requirement\_source) | hashicorp/aws |
-| <a name="requirement_version"></a> [version](#requirement\_version) | >= 4.26.0 |
+| <a name="requirement_aws"></a> [aws](#requirement\_aws) | >= 4.26.0 |
 
 ## Providers
 
diff --git a/modules/dms/iam/versions.tf b/modules/dms/iam/versions.tf
@@ -2,12 +2,14 @@ terraform {
   required_version = ">= 1.0"
 
   required_providers {
-    source = "hashicorp/aws"
-    # Using the latest version of the provider since the earlier versions had many issues with DMS replication tasks.
-    # In particular:
-    # https://github.com/hashicorp/terraform-provider-aws/pull/24047
-    # https://github.com/hashicorp/terraform-provider-aws/pull/23692
-    # https://github.com/hashicorp/terraform-provider-aws/pull/13476
-    version = ">= 4.26.0"
+    aws = {
+      source = "hashicorp/aws"
+      # Using the latest version of the provider since the earlier versions had many issues with DMS replication tasks.
+      # In particular:
+      # https://github.com/hashicorp/terraform-provider-aws/pull/24047
+      # https://github.com/hashicorp/terraform-provider-aws/pull/23692
+      # https://github.com/hashicorp/terraform-provider-aws/pull/13476
+      version = ">= 4.26.0"
+    }
   }
 }
diff --git a/modules/dms/replication-task/main.tf b/modules/dms/replication-task/main.tf
@@ -2,9 +2,9 @@ module "dms_replication_task" {
   source  = "cloudposse/dms/aws//modules/dms-replication-task"
   version = "0.1.1"
 
-  replication_instance_arn = module.dms_replication_instance.outputs.replication_instance_arn
-  source_endpoint_arn      = module.dms_endpoint_source.outputs.endpoint_arn
-  target_endpoint_arn      = module.dms_endpoint_target.outputs.endpoint_arn
+  replication_instance_arn = module.dms_replication_instance.outputs.dms_replication_instance_arn
+  source_endpoint_arn      = module.dms_endpoint_source.outputs.dms_endpoint_arn
+  target_endpoint_arn      = module.dms_endpoint_target.outputs.dms_endpoint_arn
 
   start_replication_task = var.start_replication_task
   migration_type         = var.migration_type
