# Get the default tags from the provider
data "aws_default_tags" "common" {}
locals {
ssm_prefix = "/${data.aws_default_tags.common.tags.env}/${data.aws_default_tags.common.tags.ci}"
}
The lifecycle ignore_changes doesn't prevent destroy (it only prevents the value being updated by Terraform apply).
Therefore, for parameters to be populated manually, it seems better to create the parameters manually too.
lifecycle {
ignore_changes = [value]
}
modules/ssm/variables.tf
variable "var_COUEnv" {}
variable "var_ci" {}
variable "ssm_param_g_client_id" {}
variable "ssm_param_g_client_secret" {}
modules/ssm/outputs.tf
modules/ssm/ssm.tf
resource "aws_ssm_parameter" "g_client_id" {
name = "/${var.var_COUEnv}/${var.var_ci}/g_client_id"
description = "Google account client id"
type = "String"
value = var.ssm_param_g_client_id
lifecycle {
# W/out lifecycle
}
tags = {
COUEnv = var.var_COUEnv
ci = var.var_ci
}
}
resource "aws_ssm_parameter" "g_client_secret" {
name = "/${var.var_COUEnv}/${var.var_ci}/g_client_secret"
description = "Google account client secret"
type = "SecureString"
value = var.ssm_param_g_client_secret
lifecycle {
# Warning: it doesn't prevent destroy
ignore_changes = [value]
}
tags = {
COUEnv = var.var_COUEnv
ci = var.var_ci
}
}