Reconfigure module with a sticky ami id stored in ssm (#18)

* Reconfigure module with a sticky ami id stored in ssm - Refactor module to handle the ami id as an insenstive value allowing terraform to properly determine the plan is noop - Add logic to use a data lookup when ami_id is not passed and set the ssm param when it is passed - Remove the ami data object that was getting latest by ami id - this makes no sense. Instead we put validation on the ssm param with type = aws:ec2:image * Add note about ami_id being sticky in the description
FitnessKeeper · Apr 4, 2023 · 25ef085 · 25ef085
1 parent 48117e9
commit 25ef085
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 12 deletions.
diff --git a/main.tf b/main.tf
@@ -21,17 +21,16 @@ resource "aws_ssm_parameter" "ami_id_param" {
   name           = "/${var.env}/${var.app}/webapi_ami_id"
   description    = "AMI ID to be used for webapi_secondary/tertiary instances"
   type           = "String"
-  insecure_value = var.ami_id
+  # This is a bit tricky. When ami_id is "" we want to lookup the existing value from the data object to make this sticky/noop. When it's passed we want to set the new value passed.
+  insecure_value = var.ami_id != "" ? var.ami_id : nonsensitive(data.aws_ssm_parameter.ami_id_param[0].value)
+  overwrite      = true
+  data_type      = "aws:ec2:image"
 }
 
-data "aws_ami" "app" {
-  most_recent = true
-  owners      = [data.aws_caller_identity.current.account_id]
-
-  filter {
-    name   = "image-id"
-    values = [aws_ssm_parameter.ami_id_param.value]
-  }
+data "aws_ssm_parameter" "ami_id_param" {
+  # Only create this data object when var.ami_id is empty string (the default value when not set)
+  count = var.ami_id != "" ? 0 : 1
+  name  = "/${var.env}/${var.app}/webapi_ami_id"
 }
 
 resource "aws_autoscaling_group" "app" {
@@ -73,7 +72,7 @@ resource "aws_autoscaling_group" "app" {
 
 resource "aws_launch_configuration" "app" {
   name_prefix                 = "tf-lc-${data.aws_vpc.vpc.tags["Name"]}-${var.app}-"
-  image_id                    = data.aws_ami.app.id
+  image_id                    = aws_ssm_parameter.ami_id_param.insecure_value
   instance_type               = var.instance_type
   iam_instance_profile        = var.iam_instance_profile
   key_name                    = var.key_name

diff --git a/outputs.tf b/outputs.tf
@@ -11,7 +11,7 @@ output "target_group_name" {
 }
 
 output "ami_name" {
-  value = data.aws_ami.app.name
+  value = aws_ssm_parameter.ami_id_param.insecure_value
 }
 
 output "autoscaling_group_arn" {

diff --git a/variables.tf b/variables.tf
@@ -10,7 +10,7 @@ variable "app" {
 
 variable "ami_id" {
   type        = string
-  description = "ID of AMI to deploy via launch configuration"
+  description = "ID of AMI to deploy via launch configuration. This variable is sticky. You must populate it with a valid AMI ID the first time this module is applied. After that it is optional."
   default     = ""
 }