Skip to content

feat: Remove call data ssm parameter when ami id is specified #351

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 16, 2023
Merged

feat: Remove call data ssm parameter when ami id is specified #351

merged 1 commit into from
Aug 16, 2023

Conversation

shawnsavour
Copy link
Contributor

#350 Description:

Description

Create an ec2 instance without ssm permission with cause error.

This account or role can still create an instance in console.

The root cause is because this line of code in main.tf in line 9:

data "aws_ssm_parameter" "this" {
  count = local.create ? 1 : 0

  name = var.ami_ssm_parameter
}

Request to make the call data aws_ssm_parameter optional, something like when ami is specified, then no need to call ssm parameter to get the ami id:

#main.tf
  ami                  = try(coalesce(var.ami, nonsensitive(data.aws_ssm_parameter.this[0].value)), null)

Because it coalesce the var.ami and the nonsensitive(data.aws_ssm_parameter.this[0].value)), so we only need it when var.ami is not specified. So it should be check for null when use data to call to ssm.

data "aws_ssm_parameter" "this" {
  count = local.create && var.ami == null ? 1 : 0

  name = var.ami_ssm_parameter
}

⚠️ Note

Versions

  • Module version [Required]: 5.2.1

  • Terraform version: any version

  • Provider version(s): any version

Reproduction Code [Required]

Steps to reproduce the behavior:

  • Create an account or role with ec2 permission only
  • Use terraform to plan resource with "terraform-aws-modules/ec2-instance/aws" module
  • Error!

Expected behavior

Create an instance without ssm parameter permission

Actual behavior

Cannot create instance because missing permission

@shawnsavour shawnsavour changed the title Remove call data ssm parameter when ami id is specified Feat: Remove call data ssm parameter when ami id is specified Aug 16, 2023
@shawnsavour shawnsavour changed the title Feat: Remove call data ssm parameter when ami id is specified feat: Remove call data ssm parameter when ami id is specified Aug 16, 2023
CanhCo
CanhCo approved these changes Aug 16, 2023
View reviewed changes
Copy link

@CanhCo CanhCo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please approve it

@shawnsavour shawnsavour mentioned this pull request Aug 16, 2023
Closed
@antonbabenko antonbabenko merged commit 7ffc3dd into terraform-aws-modules:master Aug 16, 2023
antonbabenko pushed a commit that referenced this pull request Aug 16, 2023
@semantic-release-bot
chore(release): version 5.3.0 [skip ci]
2dc3446 
## [5.3.0](v5.2.1...v5.3.0) (2023-08-16)

### Features

* Remove call data ssm parameter when ami id is specified ([#351](#351)) ([7ffc3dd](7ffc3dd))
@antonbabenko
Copy link
Member

This PR is included in version 5.3.0 🎉

@Zonny
Copy link

Zonny commented Aug 16, 2023

Hello,

I am recently trying to use this module and ran into this issue

 Error: Missing required argument
 
   with module.mattermost_standalone_ecs_instance.aws_instance.this[0],
   on .terraform/modules/mattermost_standalone_ecs_instance/main.tf line 22, in resource "aws_instance" "this":
   22:   ami                  = try(coalesce(var.ami, nonsensitive(data.aws_ssm_parameter.this[0].value)), null)
 
 "ami": one of `ami,launch_template` must be specified

It seems like it might be due to merging this PR. The reason I believe is that the ami variable is always getting set to null because data.aws_ssm_parameter.this[0].value cannot be referenced. I removed the try block locally and get this error message

 Error: Invalid index
 
   on .terraform/modules/mattermost_standalone_ecs_instance/main.tf line 22, in resource "aws_instance" "this":
   22:   ami                  = coalesce(var.ami, nonsensitive(data.aws_ssm_parameter.this[0].value))
     ├────────────────
     │ data.aws_ssm_parameter.this is empty tuple
 
 The given key does not identify an element in this collection value: the collection has no elements.

@Zonny Zonny mentioned this pull request Aug 16, 2023
Closed
@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 16, 2023
@shawnsavour shawnsavour deleted the feat/disable_ssm_parameter_permission_for_some_context branch September 16, 2023 10:18
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@antonbabenko antonbabenko antonbabenko approved these changes

@CanhCo CanhCo CanhCo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@shawnsavour @antonbabenko @Zonny @CanhCo