├── .editorconfig
├── .github
└── workflows
│ ├── lock.yml
│ ├── pr-title.yml
│ ├── pre-commit.yml
│ ├── release.yml
│ └── stale-actions.yaml
├── .gitignore
├── .pre-commit-config.yaml
├── .releaserc.json
├── CHANGELOG.md
├── LICENSE
├── README.md
├── examples
├── README.md
├── _configs
│ ├── config.json
│ ├── config_validator.json
│ ├── feature_flags.json
│ └── validate.py
├── appconfig-hosted
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── s3
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── ssm-document
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
└── ssm-parameter
│ ├── README.md
│ ├── main.tf
│ ├── outputs.tf
│ ├── variables.tf
│ └── versions.tf
├── main.tf
├── outputs.tf
├── variables.tf
└── versions.tf
/.editorconfig:
--------------------------------------------------------------------------------
1 | # EditorConfig is awesome: http://EditorConfig.org
2 | # Uses editorconfig to maintain consistent coding styles
3 |
4 | # top-most EditorConfig file
5 | root = true
6 |
7 | # Unix-style newlines with a newline ending every file
8 | [*]
9 | charset = utf-8
10 | end_of_line = lf
11 | indent_size = 2
12 | indent_style = space
13 | insert_final_newline = true
14 | max_line_length = 80
15 | trim_trailing_whitespace = true
16 |
17 | [*.{tf,tfvars}]
18 | indent_size = 2
19 | indent_style = space
20 |
21 | [*.md]
22 | max_line_length = 0
23 | trim_trailing_whitespace = false
24 |
25 | [Makefile]
26 | tab_width = 2
27 | indent_style = tab
28 |
29 | [COMMIT_EDITMSG]
30 | max_line_length = 0
31 |
--------------------------------------------------------------------------------
/.github/workflows/lock.yml:
--------------------------------------------------------------------------------
1 | name: 'Lock Threads'
2 |
3 | on:
4 | schedule:
5 | - cron: '50 1 * * *'
6 |
7 | jobs:
8 | lock:
9 | runs-on: ubuntu-latest
10 | steps:
11 | - uses: dessant/lock-threads@v5
12 | with:
13 | github-token: ${{ secrets.GITHUB_TOKEN }}
14 | issue-comment: >
15 | I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
16 | If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
17 | issue-inactive-days: '30'
18 | pr-comment: >
19 | I'm going to lock this pull request because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
20 | If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
21 | pr-inactive-days: '30'
22 |
--------------------------------------------------------------------------------
/.github/workflows/pr-title.yml:
--------------------------------------------------------------------------------
1 | name: 'Validate PR title'
2 |
3 | on:
4 | pull_request_target:
5 | types:
6 | - opened
7 | - edited
8 | - synchronize
9 |
10 | jobs:
11 | main:
12 | name: Validate PR title
13 | runs-on: ubuntu-latest
14 | steps:
15 | # Please look up the latest version from
16 | # https://github.com/amannn/action-semantic-pull-request/releases
17 | - uses: amannn/action-semantic-pull-request@v5.5.3
18 | env:
19 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
20 | with:
21 | # Configure which types are allowed.
22 | # Default: https://github.com/commitizen/conventional-commit-types
23 | types: |
24 | fix
25 | feat
26 | docs
27 | ci
28 | chore
29 | # Configure that a scope must always be provided.
30 | requireScope: false
31 | # Configure additional validation for the subject based on a regex.
32 | # This example ensures the subject starts with an uppercase character.
33 | subjectPattern: ^[A-Z].+$
34 | # If `subjectPattern` is configured, you can use this property to override
35 | # the default error message that is shown when the pattern doesn't match.
36 | # The variables `subject` and `title` can be used within the message.
37 | subjectPatternError: |
38 | The subject "{subject}" found in the pull request title "{title}"
39 | didn't match the configured pattern. Please ensure that the subject
40 | starts with an uppercase character.
41 | # For work-in-progress PRs you can typically use draft pull requests
42 | # from Github. However, private repositories on the free plan don't have
43 | # this option and therefore this action allows you to opt-in to using the
44 | # special "[WIP]" prefix to indicate this state. This will avoid the
45 | # validation of the PR title and the pull request checks remain pending.
46 | # Note that a second check will be reported if this is enabled.
47 | wip: true
48 | # When using "Squash and merge" on a PR with only one commit, GitHub
49 | # will suggest using that commit message instead of the PR title for the
50 | # merge commit, and it's easy to commit this by mistake. Enable this option
51 | # to also validate the commit message for one commit PRs.
52 | validateSingleCommit: false
53 |
--------------------------------------------------------------------------------
/.github/workflows/pre-commit.yml:
--------------------------------------------------------------------------------
1 | name: Pre-Commit
2 |
3 | on:
4 | pull_request:
5 | branches:
6 | - main
7 | - master
8 |
9 | env:
10 | TERRAFORM_DOCS_VERSION: v0.19.0
11 | TFLINT_VERSION: v0.53.0
12 |
13 | jobs:
14 | collectInputs:
15 | name: Collect workflow inputs
16 | runs-on: ubuntu-latest
17 | outputs:
18 | directories: ${{ steps.dirs.outputs.directories }}
19 | steps:
20 | - name: Checkout
21 | uses: actions/checkout@v4
22 |
23 | - name: Get root directories
24 | id: dirs
25 | uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
26 |
27 | preCommitMinVersions:
28 | name: Min TF pre-commit
29 | needs: collectInputs
30 | runs-on: ubuntu-latest
31 | strategy:
32 | matrix:
33 | directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
34 | steps:
35 | # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
36 | - name: Delete huge unnecessary tools folder
37 | run: |
38 | rm -rf /opt/hostedtoolcache/CodeQL
39 | rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
40 | rm -rf /opt/hostedtoolcache/Ruby
41 | rm -rf /opt/hostedtoolcache/go
42 |
43 | - name: Checkout
44 | uses: actions/checkout@v4
45 |
46 | - name: Terraform min/max versions
47 | id: minMax
48 | uses: clowdhaus/terraform-min-max@v1.3.1
49 | with:
50 | directory: ${{ matrix.directory }}
51 |
52 | - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
53 | # Run only validate pre-commit check on min version supported
54 | if: ${{ matrix.directory != '.' }}
55 | uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
56 | with:
57 | terraform-version: ${{ steps.minMax.outputs.minVersion }}
58 | tflint-version: ${{ env.TFLINT_VERSION }}
59 | args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
60 |
61 | - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
62 | # Run only validate pre-commit check on min version supported
63 | if: ${{ matrix.directory == '.' }}
64 | uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
65 | with:
66 | terraform-version: ${{ steps.minMax.outputs.minVersion }}
67 | tflint-version: ${{ env.TFLINT_VERSION }}
68 | args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
69 |
70 | preCommitMaxVersion:
71 | name: Max TF pre-commit
72 | runs-on: ubuntu-latest
73 | needs: collectInputs
74 | steps:
75 | # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
76 | - name: Delete huge unnecessary tools folder
77 | run: |
78 | rm -rf /opt/hostedtoolcache/CodeQL
79 | rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
80 | rm -rf /opt/hostedtoolcache/Ruby
81 | rm -rf /opt/hostedtoolcache/go
82 |
83 | - name: Checkout
84 | uses: actions/checkout@v4
85 | with:
86 | ref: ${{ github.event.pull_request.head.ref }}
87 | repository: ${{github.event.pull_request.head.repo.full_name}}
88 |
89 | - name: Terraform min/max versions
90 | id: minMax
91 | uses: clowdhaus/terraform-min-max@v1.3.1
92 |
93 | - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
94 | uses: clowdhaus/terraform-composite-actions/pre-commit@v1.11.1
95 | with:
96 | terraform-version: ${{ steps.minMax.outputs.maxVersion }}
97 | tflint-version: ${{ env.TFLINT_VERSION }}
98 | terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
99 | install-hcledit: true
100 |
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
1 | name: Release
2 |
3 | on:
4 | workflow_dispatch:
5 | push:
6 | branches:
7 | - main
8 | - master
9 | paths:
10 | - '**/*.tpl'
11 | - '**/*.py'
12 | - '**/*.tf'
13 | - '.github/workflows/release.yml'
14 |
15 | jobs:
16 | release:
17 | name: Release
18 | runs-on: ubuntu-latest
19 | # Skip running release workflow on forks
20 | if: github.repository_owner == 'terraform-aws-modules'
21 | steps:
22 | - name: Checkout
23 | uses: actions/checkout@v4
24 | with:
25 | persist-credentials: false
26 | fetch-depth: 0
27 |
28 | - name: Release
29 | uses: cycjimmy/semantic-release-action@v4
30 | with:
31 | semantic_version: 23.0.2
32 | extra_plugins: |
33 | @semantic-release/changelog@6.0.3
34 | @semantic-release/git@10.0.1
35 | conventional-changelog-conventionalcommits@7.0.2
36 | env:
37 | GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
38 |
--------------------------------------------------------------------------------
/.github/workflows/stale-actions.yaml:
--------------------------------------------------------------------------------
1 | name: 'Mark or close stale issues and PRs'
2 | on:
3 | schedule:
4 | - cron: '0 0 * * *'
5 |
6 | jobs:
7 | stale:
8 | runs-on: ubuntu-latest
9 | steps:
10 | - uses: actions/stale@v9
11 | with:
12 | repo-token: ${{ secrets.GITHUB_TOKEN }}
13 | # Staling issues and PR's
14 | days-before-stale: 30
15 | stale-issue-label: stale
16 | stale-pr-label: stale
17 | stale-issue-message: |
18 | This issue has been automatically marked as stale because it has been open 30 days
19 | with no activity. Remove stale label or comment or this issue will be closed in 10 days
20 | stale-pr-message: |
21 | This PR has been automatically marked as stale because it has been open 30 days
22 | with no activity. Remove stale label or comment or this PR will be closed in 10 days
23 | # Not stale if have this labels or part of milestone
24 | exempt-issue-labels: bug,wip,on-hold
25 | exempt-pr-labels: bug,wip,on-hold
26 | exempt-all-milestones: true
27 | # Close issue operations
28 | # Label will be automatically removed if the issues are no longer closed nor locked.
29 | days-before-close: 10
30 | delete-branch: true
31 | close-issue-message: This issue was automatically closed because of stale in 10 days
32 | close-pr-message: This PR was automatically closed because of stale in 10 days
33 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Local .terraform directories
2 | **/.terraform/*
3 |
4 | # .tfstate files
5 | *.tfstate
6 | *.tfstate.*
7 |
8 | # terraform lockfile
9 | .terraform.lock.hcl
10 |
11 | # Crash log files
12 | crash.log
13 |
14 | # Exclude all .tfvars files, which are likely to contain sentitive data, such as
15 | # password, private keys, and other secrets. These should not be part of version
16 | # control as they are data points which are potentially sensitive and subject
17 | # to change depending on the environment.
18 | #
19 | *.tfvars
20 |
21 | # Ignore override files as they are usually used to override resources locally and so
22 | # are not checked in
23 | override.tf
24 | override.tf.json
25 | *_override.tf
26 | *_override.tf.json
27 |
28 | # Include override files you do wish to add to version control using negated pattern
29 | #
30 | # !example_override.tf
31 |
32 | # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
33 | # example: *tfplan*
34 |
35 | # Ignore CLI configuration files
36 | .terraformrc
37 | terraform.rc
38 |
39 | *.zip
40 |
--------------------------------------------------------------------------------
/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
1 | repos:
2 | - repo: https://github.com/antonbabenko/pre-commit-terraform
3 | rev: v1.96.1
4 | hooks:
5 | - id: terraform_fmt
6 | - id: terraform_docs
7 | args:
8 | - '--args=--lockfile=false'
9 | - id: terraform_tflint
10 | args:
11 | - '--args=--only=terraform_deprecated_interpolation'
12 | - '--args=--only=terraform_deprecated_index'
13 | - '--args=--only=terraform_unused_declarations'
14 | - '--args=--only=terraform_comment_syntax'
15 | - '--args=--only=terraform_documented_outputs'
16 | - '--args=--only=terraform_documented_variables'
17 | - '--args=--only=terraform_typed_variables'
18 | - '--args=--only=terraform_module_pinned_source'
19 | - '--args=--only=terraform_naming_convention'
20 | - '--args=--only=terraform_required_version'
21 | - '--args=--only=terraform_required_providers'
22 | - '--args=--only=terraform_standard_module_structure'
23 | - '--args=--only=terraform_workspace_remote'
24 | - id: terraform_validate
25 | - repo: https://github.com/pre-commit/pre-commit-hooks
26 | rev: v5.0.0
27 | hooks:
28 | - id: check-merge-conflict
29 | - id: end-of-file-fixer
30 | - id: trailing-whitespace
31 |
--------------------------------------------------------------------------------
/.releaserc.json:
--------------------------------------------------------------------------------
1 | {
2 | "branches": [
3 | "main",
4 | "master"
5 | ],
6 | "ci": false,
7 | "plugins": [
8 | [
9 | "@semantic-release/commit-analyzer",
10 | {
11 | "preset": "conventionalcommits"
12 | }
13 | ],
14 | [
15 | "@semantic-release/release-notes-generator",
16 | {
17 | "preset": "conventionalcommits"
18 | }
19 | ],
20 | [
21 | "@semantic-release/github",
22 | {
23 | "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
24 | "labels": false,
25 | "releasedLabels": false
26 | }
27 | ],
28 | [
29 | "@semantic-release/changelog",
30 | {
31 | "changelogFile": "CHANGELOG.md",
32 | "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
33 | }
34 | ],
35 | [
36 | "@semantic-release/git",
37 | {
38 | "assets": [
39 | "CHANGELOG.md"
40 | ],
41 | "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
42 | }
43 | ]
44 | ]
45 | }
46 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
1 | # Changelog
2 |
3 | All notable changes to this project will be documented in this file.
4 |
5 | ## [2.0.1](https://github.com/terraform-aws-modules/terraform-aws-appconfig/compare/v2.0.0...v2.0.1) (2024-03-07)
6 |
7 |
8 | ### Bug Fixes
9 |
10 | * Update CI workflow versions to remove deprecated runtime warnings ([#11](https://github.com/terraform-aws-modules/terraform-aws-appconfig/issues/11)) ([fa9b38f](https://github.com/terraform-aws-modules/terraform-aws-appconfig/commit/fa9b38f7bd92941f5099f3c22a00c9ea2a8687fe))
11 |
12 | ## [2.0.0](https://github.com/terraform-aws-modules/terraform-aws-appconfig/compare/v1.1.4...v2.0.0) (2023-10-30)
13 |
14 |
15 | ### ⚠ BREAKING CHANGES
16 |
17 | * Add support for feature flag (#8)
18 |
19 | ### Features
20 |
21 | * Add support for feature flag ([#8](https://github.com/terraform-aws-modules/terraform-aws-appconfig/issues/8)) ([44f1a5d](https://github.com/terraform-aws-modules/terraform-aws-appconfig/commit/44f1a5db43fb3705c7ce382a907e26dbe209889f))
22 |
23 | ### [1.1.4](https://github.com/terraform-aws-modules/terraform-aws-appconfig/compare/v1.1.3...v1.1.4) (2023-10-30)
24 |
25 |
26 | ### Bug Fixes
27 |
28 | * Do not create a deployment when a version is not provided ([#7](https://github.com/terraform-aws-modules/terraform-aws-appconfig/issues/7)) ([46ab6cb](https://github.com/terraform-aws-modules/terraform-aws-appconfig/commit/46ab6cb2c4ce98f7f7970631aa14c422bc1a1338))
29 |
30 | ### [1.1.3](https://github.com/terraform-aws-modules/terraform-aws-appconfig/compare/v1.1.2...v1.1.3) (2023-01-24)
31 |
32 |
33 | ### Bug Fixes
34 |
35 | * Use a version for to avoid GitHub API rate limiting on CI workflows ([#3](https://github.com/terraform-aws-modules/terraform-aws-appconfig/issues/3)) ([3e05af7](https://github.com/terraform-aws-modules/terraform-aws-appconfig/commit/3e05af703e80305b3a9c5510dcd69a9a38325313))
36 |
37 | ### [1.1.2](https://github.com/terraform-aws-modules/terraform-aws-appconfig/compare/v1.1.1...v1.1.2) (2022-10-27)
38 |
39 |
40 | ### Bug Fixes
41 |
42 | * Update CI configuration files to use latest version ([#2](https://github.com/terraform-aws-modules/terraform-aws-appconfig/issues/2)) ([0f359d8](https://github.com/terraform-aws-modules/terraform-aws-appconfig/commit/0f359d8a154dcac5b8ea6adf6f5b42699b53903a))
43 |
44 | ### [1.1.1](https://github.com/terraform-aws-modules/terraform-aws-appconfig/compare/v1.1.0...v1.1.1) (2022-04-21)
45 |
46 |
47 | ### Bug Fixes
48 |
49 | * Update documentation to remove prior notice and deprecated workflow ([#1](https://github.com/terraform-aws-modules/terraform-aws-appconfig/issues/1)) ([453c022](https://github.com/terraform-aws-modules/terraform-aws-appconfig/commit/453c0229eef12edb6d36232ecfea479f5f3a9f95))
50 |
51 | ## [1.1.0](https://github.com/clowdhaus/terraform-aws-appconfig/compare/v1.0.0...v1.1.0) (2022-04-20)
52 |
53 |
54 | ### Features
55 |
56 | * Repo has moved to [terraform-aws-modules](https://github.com/terraform-aws-modules/terraform-aws-appconfig) organization ([bbe3771](https://github.com/clowdhaus/terraform-aws-appconfig/commit/bbe3771cb2a14c02c666583c0e6b60dfe6020f2c))
57 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # AWS AppConfig Terraform module
2 |
3 | Terraform module which creates AWS AppConfig resources.
4 |
5 | ## Usage
6 |
7 | See [`examples`](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples) directory for working examples to reference:
8 |
9 | ```hcl
10 | module "appconfig" {
11 | source = "terraform-aws-modules/appconfig/aws"
12 |
13 | name = "example"
14 | description = "AppConfig hosted configuration"
15 |
16 | # environments
17 | environments = {
18 | nonprod = {
19 | name = "nonprod"
20 | description = "Non-production environment"
21 | },
22 | prod = {
23 | name = "prod"
24 | description = "Production environment"
25 | }
26 | }
27 |
28 | # hosted config version
29 | use_hosted_configuration = true
30 | hosted_config_version_content_type = "application/json"
31 | hosted_config_version_content = jsonencode({
32 | isEnabled = false,
33 | messageOption = "ItWorks!"
34 | })
35 |
36 | # configuration profile
37 | config_profile_validator = [{
38 | type = "JSON_SCHEMA"
39 | content = jsonencode({
40 | "$schema" = "http://json-schema.org/draft-04/schema#",
41 | type = "object",
42 | properties = {
43 | isEnabled = {
44 | type = "boolean"
45 | },
46 | messageOption = {
47 | type = "string",
48 | minimum = 0
49 | }
50 | },
51 | additionalProperties = false,
52 | required = ["isEnabled", "messageOption"]
53 | }) }, {
54 | type = "LAMBDA"
55 | content = "arn:aws:lambda:us-east-1:123456789101:function:example-appconfig-hosted"
56 | }]
57 |
58 | tags = {
59 | Terraform = "true"
60 | Environment = "dev"
61 | }
62 | }
63 | ```
64 |
65 | ## Examples
66 |
67 | Examples codified under the [`examples`](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples) are intended
68 | give users references for how to use the module(s) as well as testing/validating changes to the source code of the module(s). If contributing to the project, please be sure to make any appropriate updates to the relevant examples to allow maintainers to test your changes and to keep the examples up to date for users. Thank you!
69 |
70 | - [AppConfig Hosted](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/appconfig-hosted)
71 | - [S3](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/s3)
72 | - [SSM Document](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/ssm-document)
73 | - [SSM Parameter](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/ssm-parameter)
74 |
75 |
76 | ## Requirements
77 |
78 | | Name | Version |
79 | |------|---------|
80 | | [terraform](#requirement\_terraform) | >= 1.0 |
81 | | [aws](#requirement\_aws) | >= 5.0 |
82 |
83 | ## Providers
84 |
85 | | Name | Version |
86 | |------|---------|
87 | | [aws](#provider\_aws) | >= 5.0 |
88 |
89 | ## Modules
90 |
91 | No modules.
92 |
93 | ## Resources
94 |
95 | | Name | Type |
96 | |------|------|
97 | | [aws_appconfig_application.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appconfig_application) | resource |
98 | | [aws_appconfig_configuration_profile.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appconfig_configuration_profile) | resource |
99 | | [aws_appconfig_deployment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appconfig_deployment) | resource |
100 | | [aws_appconfig_deployment_strategy.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appconfig_deployment_strategy) | resource |
101 | | [aws_appconfig_environment.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appconfig_environment) | resource |
102 | | [aws_appconfig_hosted_configuration_version.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appconfig_hosted_configuration_version) | resource |
103 | | [aws_iam_policy.retrieval](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
104 | | [aws_iam_role.retrieval](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
105 | | [aws_iam_role_policy_attachment.retrieval](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
106 | | [aws_iam_policy_document.retreival](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
107 | | [aws_iam_policy_document.retrieval_s3](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
108 | | [aws_iam_policy_document.retrieval_ssm_document](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
109 | | [aws_iam_policy_document.retrieval_ssm_parameter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
110 |
111 | ## Inputs
112 |
113 | | Name | Description | Type | Default | Required |
114 | |------|-------------|------|---------|:--------:|
115 | | [config\_profile\_description](#input\_config\_profile\_description) | The description of the configuration profile. Can be at most 1024 characters | `string` | `null` | no |
116 | | [config\_profile\_location\_uri](#input\_config\_profile\_location\_uri) | A URI to locate the configuration. You can specify the AWS AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object | `string` | `"hosted"` | no |
117 | | [config\_profile\_name](#input\_config\_profile\_name) | The name for the configuration profile. Must be between 1 and 64 characters in length | `string` | `null` | no |
118 | | [config\_profile\_retrieval\_role\_arn](#input\_config\_profile\_retrieval\_role\_arn) | The ARN of an IAM role with permission to access the configuration at the specified `location_uri`. A retrieval role ARN is not required for configurations stored in the AWS AppConfig `hosted` configuration store. It is required for all other sources that store your configuration | `string` | `null` | no |
119 | | [config\_profile\_tags](#input\_config\_profile\_tags) | A map of additional tags to apply to the configuration profile | `map(string)` | `{}` | no |
120 | | [config\_profile\_type](#input\_config\_profile\_type) | Type of configurations contained in the profile. Valid values: `AWS.AppConfig.FeatureFlags` and `AWS.Freeform` | `string` | `null` | no |
121 | | [config\_profile\_validator](#input\_config\_profile\_validator) | A set of methods for validating the configuration. Maximum of 2 | `list(map(any))` | `[]` | no |
122 | | [create](#input\_create) | Determines whether resources are created | `bool` | `true` | no |
123 | | [create\_deployment\_strategy](#input\_create\_deployment\_strategy) | Determines whether a deployment strategy is created | `bool` | `true` | no |
124 | | [create\_retrieval\_role](#input\_create\_retrieval\_role) | Determines whether configuration retrieval IAM role is created | `bool` | `true` | no |
125 | | [deployment\_configuration\_version](#input\_deployment\_configuration\_version) | The configuration version to deploy. Can be at most 1024 characters | `string` | `null` | no |
126 | | [deployment\_description](#input\_deployment\_description) | A description of the deployment. Can be at most 1024 characters | `string` | `null` | no |
127 | | [deployment\_strategy\_deployment\_duration\_in\_minutes](#input\_deployment\_strategy\_deployment\_duration\_in\_minutes) | Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440 | `number` | `0` | no |
128 | | [deployment\_strategy\_description](#input\_deployment\_strategy\_description) | A description of the deployment strategy. Can be at most 1024 characters | `string` | `null` | no |
129 | | [deployment\_strategy\_final\_bake\_time\_in\_minutes](#input\_deployment\_strategy\_final\_bake\_time\_in\_minutes) | Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440 | `number` | `0` | no |
130 | | [deployment\_strategy\_growth\_factor](#input\_deployment\_strategy\_growth\_factor) | The percentage of targets to receive a deployed configuration during each interval. Minimum value of 1, maximum value of 100 | `number` | `100` | no |
131 | | [deployment\_strategy\_growth\_type](#input\_deployment\_strategy\_growth\_type) | The algorithm used to define how percentage grows over time. Valid value: `LINEAR` and `EXPONENTIAL`. Defaults to `LINEAR` | `string` | `null` | no |
132 | | [deployment\_strategy\_id](#input\_deployment\_strategy\_id) | An existing AppConfig deployment strategy ID | `string` | `null` | no |
133 | | [deployment\_strategy\_name](#input\_deployment\_strategy\_name) | A name for the deployment strategy. Must be between 1 and 64 characters in length | `string` | `null` | no |
134 | | [deployment\_strategy\_replicate\_to](#input\_deployment\_strategy\_replicate\_to) | Where to save the deployment strategy. Valid values: `NONE` and `SSM_DOCUMENT` | `string` | `"NONE"` | no |
135 | | [deployment\_strategy\_tags](#input\_deployment\_strategy\_tags) | A map of additional tags to apply to the deployment strategy | `map(string)` | `{}` | no |
136 | | [deployment\_tags](#input\_deployment\_tags) | A map of additional tags to apply to the deployment | `map(string)` | `{}` | no |
137 | | [description](#input\_description) | The description of the application. Can be at most 1024 characters | `string` | `null` | no |
138 | | [environments](#input\_environments) | Map of attributes for AppConfig environment resource(s) | `map(any)` | `{}` | no |
139 | | [hosted\_config\_version\_content](#input\_hosted\_config\_version\_content) | The content of the configuration or the configuration data | `string` | `null` | no |
140 | | [hosted\_config\_version\_content\_type](#input\_hosted\_config\_version\_content\_type) | A standard MIME type describing the format of the configuration content. For more information, see [Content-Type](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17) | `string` | `null` | no |
141 | | [hosted\_config\_version\_description](#input\_hosted\_config\_version\_description) | A description of the configuration | `string` | `null` | no |
142 | | [name](#input\_name) | The name for the application. Must be between 1 and 64 characters in length | `string` | `""` | no |
143 | | [retrieval\_role\_description](#input\_retrieval\_role\_description) | Description of the configuration retrieval role | `string` | `null` | no |
144 | | [retrieval\_role\_name](#input\_retrieval\_role\_name) | The name for the configuration retrieval role | `string` | `""` | no |
145 | | [retrieval\_role\_path](#input\_retrieval\_role\_path) | Path to the configuration retrieval role | `string` | `null` | no |
146 | | [retrieval\_role\_permissions\_boundary](#input\_retrieval\_role\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the configuration retrieval role | `string` | `null` | no |
147 | | [retrieval\_role\_tags](#input\_retrieval\_role\_tags) | A map of additional tags to apply to the configuration retrieval role | `map(string)` | `{}` | no |
148 | | [retrieval\_role\_use\_name\_prefix](#input\_retrieval\_role\_use\_name\_prefix) | Determines whether to a name or name-prefix strategy is used on the role | `bool` | `true` | no |
149 | | [s3\_configuration\_bucket\_arn](#input\_s3\_configuration\_bucket\_arn) | The ARN of the configuration S3 bucket | `string` | `null` | no |
150 | | [s3\_configuration\_object\_key](#input\_s3\_configuration\_object\_key) | Name of the configuration object/file stored in the S3 bucket | `string` | `"*"` | no |
151 | | [ssm\_document\_configuration\_arn](#input\_ssm\_document\_configuration\_arn) | ARN of the configuration SSM document | `string` | `null` | no |
152 | | [ssm\_parameter\_configuration\_arn](#input\_ssm\_parameter\_configuration\_arn) | ARN of the configuration SSM parameter | `string` | `null` | no |
153 | | [tags](#input\_tags) | A list of tag blocks. Each element should have keys named key, value, and propagate\_at\_launch | `map(string)` | `{}` | no |
154 | | [use\_hosted\_configuration](#input\_use\_hosted\_configuration) | Determines whether a hosted configuration is used | `bool` | `false` | no |
155 | | [use\_s3\_configuration](#input\_use\_s3\_configuration) | Determines whether an S3 configuration is used | `bool` | `false` | no |
156 | | [use\_ssm\_document\_configuration](#input\_use\_ssm\_document\_configuration) | Determines whether an SSM document configuration is used | `bool` | `false` | no |
157 | | [use\_ssm\_parameter\_configuration](#input\_use\_ssm\_parameter\_configuration) | Determines whether an SSM parameter configuration is used | `bool` | `false` | no |
158 |
159 | ## Outputs
160 |
161 | | Name | Description |
162 | |------|-------------|
163 | | [application\_arn](#output\_application\_arn) | The Amazon Resource Name (ARN) of the AppConfig Application |
164 | | [application\_id](#output\_application\_id) | The AppConfig application ID |
165 | | [configuration\_profile\_arn](#output\_configuration\_profile\_arn) | The Amazon Resource Name (ARN) of the AppConfig Configuration Profile |
166 | | [configuration\_profile\_configuration\_profile\_id](#output\_configuration\_profile\_configuration\_profile\_id) | The configuration profile ID |
167 | | [configuration\_profile\_id](#output\_configuration\_profile\_id) | The AppConfig configuration profile ID and application ID separated by a colon (:) |
168 | | [deployment\_strategy\_arn](#output\_deployment\_strategy\_arn) | The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy |
169 | | [deployment\_strategy\_id](#output\_deployment\_strategy\_id) | The AppConfig deployment strategy ID |
170 | | [deployments](#output\_deployments) | The AppConfig deployments |
171 | | [environments](#output\_environments) | The AppConfig environments |
172 | | [hosted\_configuration\_version\_arn](#output\_hosted\_configuration\_version\_arn) | The Amazon Resource Name (ARN) of the AppConfig hosted configuration version |
173 | | [hosted\_configuration\_version\_id](#output\_hosted\_configuration\_version\_id) | The AppConfig application ID, configuration profile ID, and version number separated by a slash (/) |
174 | | [hosted\_configuration\_version\_version\_number](#output\_hosted\_configuration\_version\_version\_number) | The version number of the hosted configuration |
175 | | [retrieval\_role\_arn](#output\_retrieval\_role\_arn) | Amazon Resource Name (ARN) specifying the retrieval role |
176 | | [retrieval\_role\_id](#output\_retrieval\_role\_id) | Name of the retrieval role |
177 | | [retrieval\_role\_name](#output\_retrieval\_role\_name) | Name of the retrieval role |
178 | | [retrieval\_role\_policy\_arn](#output\_retrieval\_role\_policy\_arn) | The ARN assigned by AWS to the retrieval role policy |
179 | | [retrieval\_role\_policy\_id](#output\_retrieval\_role\_policy\_id) | The ARN assigned by AWS to the retrieval role policy |
180 | | [retrieval\_role\_policy\_name](#output\_retrieval\_role\_policy\_name) | The name of the policy |
181 | | [retrieval\_role\_policy\_policy](#output\_retrieval\_role\_policy\_policy) | The retrieval role policy document |
182 | | [retrieval\_role\_policy\_policy\_id](#output\_retrieval\_role\_policy\_policy\_id) | The retrieval role policy ID |
183 | | [retrieval\_role\_unique\_id](#output\_retrieval\_role\_unique\_id) | Stable and unique string identifying the retrieval role |
184 |
185 |
186 | ## License
187 |
188 | Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-appconfig/blob/master/LICENSE).
189 |
--------------------------------------------------------------------------------
/examples/README.md:
--------------------------------------------------------------------------------
1 | # Terraform AWS AppConfig examples
2 |
3 | - [AppConfig Hosted](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/appconfig-hosted)
4 | - [S3](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/s3)
5 | - [SSM Document](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/ssm-document)
6 | - [SSM Parameter](https://github.com/terraform-aws-modules/terraform-aws-appconfig/tree/master/examples/ssm-parameter)
7 |
--------------------------------------------------------------------------------
/examples/_configs/config.json:
--------------------------------------------------------------------------------
1 | {
2 | "isEnabled": false,
3 | "messageOption": "ItWorks!"
4 | }
5 |
--------------------------------------------------------------------------------
/examples/_configs/config_validator.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "http://json-schema.org/draft-04/schema#",
3 | "type": "object",
4 | "properties": {
5 | "isEnabled": {
6 | "type": "boolean"
7 | },
8 | "messageOption": {
9 | "type": "string",
10 | "minimum": 0
11 | }
12 | },
13 | "additionalProperties": false,
14 | "required": ["isEnabled", "messageOption"]
15 | }
16 |
--------------------------------------------------------------------------------
/examples/_configs/feature_flags.json:
--------------------------------------------------------------------------------
1 | {
2 | "flags": {
3 | "is_enabled": {
4 | "name": "isEnabled"
5 | }
6 | },
7 | "values": {
8 | "is_enabled": {
9 | "enabled": "false"
10 | }
11 | },
12 | "version": "1"
13 | }
14 |
--------------------------------------------------------------------------------
/examples/_configs/validate.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | """
3 | Validate
4 | --------
5 |
6 | AppConfig configuration semantic validation lambda function
7 | https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-configuration-and-profile-validators.html
8 |
9 | """
10 |
11 | import json
12 | from typing import Dict
13 | from base64 import b64decode
14 |
15 | # Lambda function validators must be configured with the following event schema.
16 | # AWS AppConfig uses this schema to invoke the Lambda function.
17 | # The content is a base64-encoded string, and the URI is a string.
18 | # {
19 | # "applicationId": "The application Id of the configuration profile being validated",
20 | # "configurationProfileId": "The configuration profile Id of the configuration profile being validated",
21 | # "configurationVersion": "The configuration version of the configuration profile being validated",
22 | # "content": "Base64EncodedByteString",
23 | # "uri": "The uri of the configuration"
24 | # }
25 |
26 |
27 | def handler(event: Dict, _c: Dict):
28 | """
29 | Lambda function to receive and validate configuration payload semantics.
30 |
31 | :param event: lambda expected event object
32 | :param _c: lambda expected context object (unused)
33 | :returns: none
34 | """
35 | # log out payload to CloudWatch
36 | print(json.dumps(event))
37 |
38 | base64_content = event.get('content')
39 | config_content = b64decode(base64_content).decode('ascii')
40 |
41 | print(json.dumps(json.loads(config_content)))
42 |
43 | # example to fail validation
44 | if False:
45 | raise Exception("This would fail validation if raised")
46 |
--------------------------------------------------------------------------------
/examples/appconfig-hosted/README.md:
--------------------------------------------------------------------------------
1 | # Hosted AWS AppConfig Example
2 |
3 | Configuration in this directory creates:
4 |
5 | - Deactivate AWS AppConfig application
6 | - AWS AppConfig application containing:
7 | - (x2) AWS AppConfig environments (`nonprod`/`prod`)
8 | - Configuration hosted on AppConfig
9 | - Lambda validation function
10 |
11 | ## Usage
12 |
13 | To run this example you need to execute:
14 |
15 | ```bash
16 | $ terraform init
17 | $ terraform plan
18 | $ terraform apply
19 | ```
20 |
21 | Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
22 |
23 |
24 | ## Requirements
25 |
26 | | Name | Version |
27 | |------|---------|
28 | | [terraform](#requirement\_terraform) | >= 1.0 |
29 | | [archive](#requirement\_archive) | >= 2.0 |
30 | | [aws](#requirement\_aws) | >= 5.0 |
31 |
32 | ## Providers
33 |
34 | | Name | Version |
35 | |------|---------|
36 | | [archive](#provider\_archive) | >= 2.0 |
37 |
38 | ## Modules
39 |
40 | | Name | Source | Version |
41 | |------|--------|---------|
42 | | [appconfig](#module\_appconfig) | ../../ | n/a |
43 | | [appconfig\_feature\_flag](#module\_appconfig\_feature\_flag) | ../../ | n/a |
44 | | [deactivated\_appconfig](#module\_deactivated\_appconfig) | ../../ | n/a |
45 | | [validate\_lambda](#module\_validate\_lambda) | terraform-aws-modules/lambda/aws | ~> 6.0 |
46 |
47 | ## Resources
48 |
49 | | Name | Type |
50 | |------|------|
51 | | [archive_file.lambda_handler](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
52 |
53 | ## Inputs
54 |
55 | No inputs.
56 |
57 | ## Outputs
58 |
59 | | Name | Description |
60 | |------|-------------|
61 | | [application\_arn](#output\_application\_arn) | The Amazon Resource Name (ARN) of the AppConfig Application |
62 | | [application\_id](#output\_application\_id) | The AppConfig application ID |
63 | | [configuration\_profile\_arn](#output\_configuration\_profile\_arn) | The Amazon Resource Name (ARN) of the AppConfig Configuration Profile |
64 | | [configuration\_profile\_configuration\_profile\_id](#output\_configuration\_profile\_configuration\_profile\_id) | The configuration profile ID |
65 | | [configuration\_profile\_id](#output\_configuration\_profile\_id) | The AppConfig configuration profile ID and application ID separated by a colon (:) |
66 | | [deployment\_strategy\_arn](#output\_deployment\_strategy\_arn) | The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy |
67 | | [deployment\_strategy\_id](#output\_deployment\_strategy\_id) | The AppConfig deployment strategy ID |
68 | | [deployments](#output\_deployments) | The AppConfig deployments |
69 | | [environments](#output\_environments) | The AppConfig environments |
70 | | [hosted\_configuration\_version\_arn](#output\_hosted\_configuration\_version\_arn) | The Amazon Resource Name (ARN) of the AppConfig hosted configuration version |
71 | | [hosted\_configuration\_version\_id](#output\_hosted\_configuration\_version\_id) | The AppConfig application ID, configuration profile ID, and version number separated by a slash (/) |
72 | | [hosted\_configuration\_version\_version\_number](#output\_hosted\_configuration\_version\_version\_number) | The version number of the hosted configuration |
73 | | [retrieval\_role\_arn](#output\_retrieval\_role\_arn) | Amazon Resource Name (ARN) specifying the retrieval role |
74 | | [retrieval\_role\_id](#output\_retrieval\_role\_id) | Name of the retrieval role |
75 | | [retrieval\_role\_name](#output\_retrieval\_role\_name) | Name of the retrieval role |
76 | | [retrieval\_role\_policy\_arn](#output\_retrieval\_role\_policy\_arn) | The ARN assigned by AWS to the retrieval role policy |
77 | | [retrieval\_role\_policy\_id](#output\_retrieval\_role\_policy\_id) | The ARN assigned by AWS to the retrieval role policy |
78 | | [retrieval\_role\_policy\_name](#output\_retrieval\_role\_policy\_name) | The name of the policy |
79 | | [retrieval\_role\_policy\_policy](#output\_retrieval\_role\_policy\_policy) | The retrieval role policy document |
80 | | [retrieval\_role\_policy\_policy\_id](#output\_retrieval\_role\_policy\_policy\_id) | The retrieval role policy ID |
81 | | [retrieval\_role\_unique\_id](#output\_retrieval\_role\_unique\_id) | Stable and unique string identifying the retrieval role |
82 |
83 |
84 | Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-appconfig/blob/master/LICENSE).
85 |
--------------------------------------------------------------------------------
/examples/appconfig-hosted/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | region = local.region
3 | }
4 |
5 | locals {
6 | region = "us-east-1"
7 | name = "ex-${basename(path.cwd)}"
8 |
9 | tags = {
10 | Name = local.name
11 | Example = local.name
12 | Repository = "https://github.com/terraform-aws-modules/terraform-aws-appconfig"
13 | }
14 | }
15 |
16 | ################################################################################
17 | # AppConfig
18 | ################################################################################
19 |
20 | module "deactivated_appconfig" {
21 | source = "../../"
22 |
23 | name = local.name
24 | create = false
25 | }
26 |
27 | module "appconfig" {
28 | source = "../../"
29 |
30 | name = local.name
31 | description = "AppConfig hosted - ${local.name}"
32 |
33 | # environments
34 | environments = {
35 | nonprod = {
36 | name = "nonprod"
37 | description = "NonProd environment - ${local.name}"
38 | },
39 | prod = {
40 | name = "prod"
41 | description = "Prod environment - ${local.name}"
42 | }
43 | }
44 |
45 | # hosted config version
46 | use_hosted_configuration = true
47 | hosted_config_version_content_type = "application/json"
48 | hosted_config_version_content = file("../_configs/config.json")
49 |
50 | # configuration profile
51 | config_profile_validator = [{
52 | type = "JSON_SCHEMA"
53 | content = file("../_configs/config_validator.json")
54 | }, {
55 | type = "LAMBDA"
56 | content = module.validate_lambda.lambda_function_arn
57 | }]
58 |
59 | tags = local.tags
60 | }
61 |
62 | module "appconfig_feature_flag" {
63 | source = "../../"
64 |
65 | name = "${local.name}-feature-flag"
66 | description = "AppConfig hosted feature flag - ${local.name}"
67 |
68 | # environments
69 | environments = {
70 | nonprod = {
71 | name = "nonprod"
72 | description = "NonProd environment - ${local.name}"
73 | },
74 | prod = {
75 | name = "prod"
76 | description = "Prod environment - ${local.name}"
77 | }
78 | }
79 |
80 | # hosted config version
81 | use_hosted_configuration = true
82 | config_profile_type = "AWS.AppConfig.FeatureFlags"
83 | hosted_config_version_content_type = "application/json"
84 | hosted_config_version_content = file("../_configs/feature_flags.json")
85 |
86 | tags = local.tags
87 | }
88 |
89 | ################################################################################
90 | # Supporting Resources
91 | ################################################################################
92 |
93 | data "archive_file" "lambda_handler" {
94 | type = "zip"
95 | source_file = "../_configs/validate.py"
96 | output_path = "../_configs/validate.zip"
97 | }
98 |
99 | module "validate_lambda" {
100 | source = "terraform-aws-modules/lambda/aws"
101 | version = "~> 6.0"
102 |
103 | function_name = local.name
104 | description = "Configuration semantic validation lambda"
105 | handler = "validate.handler"
106 | runtime = "python3.9"
107 | publish = true
108 | memory_size = 512
109 | timeout = 120
110 |
111 | cloudwatch_logs_retention_in_days = 7
112 | attach_tracing_policy = true
113 | tracing_mode = "Active"
114 |
115 | create_package = false
116 | local_existing_package = data.archive_file.lambda_handler.output_path
117 |
118 | allowed_triggers = {
119 | AppConfig = {
120 | service = "appconfig"
121 | },
122 | }
123 |
124 | tags = local.tags
125 | }
126 |
--------------------------------------------------------------------------------
/examples/appconfig-hosted/outputs.tf:
--------------------------------------------------------------------------------
1 | # Application
2 | output "application_arn" {
3 | description = "The Amazon Resource Name (ARN) of the AppConfig Application"
4 | value = module.appconfig.application_arn
5 | }
6 |
7 | output "application_id" {
8 | description = "The AppConfig application ID"
9 | value = module.appconfig.application_id
10 | }
11 |
12 | # Environments
13 | output "environments" {
14 | description = "The AppConfig environments"
15 | value = module.appconfig.environments
16 | }
17 |
18 | # Configuration profile
19 | output "configuration_profile_arn" {
20 | description = "The Amazon Resource Name (ARN) of the AppConfig Configuration Profile"
21 | value = module.appconfig.configuration_profile_arn
22 | }
23 |
24 | output "configuration_profile_configuration_profile_id" {
25 | description = "The configuration profile ID"
26 | value = module.appconfig.configuration_profile_configuration_profile_id
27 | }
28 |
29 | output "configuration_profile_id" {
30 | description = "The AppConfig configuration profile ID and application ID separated by a colon (:)"
31 | value = module.appconfig.configuration_profile_id
32 | }
33 |
34 | # Hosted configuration version
35 | output "hosted_configuration_version_arn" {
36 | description = "The Amazon Resource Name (ARN) of the AppConfig hosted configuration version"
37 | value = module.appconfig.hosted_configuration_version_arn
38 | }
39 |
40 | output "hosted_configuration_version_id" {
41 | description = "The AppConfig application ID, configuration profile ID, and version number separated by a slash (/)"
42 | value = module.appconfig.hosted_configuration_version_id
43 | }
44 |
45 | output "hosted_configuration_version_version_number" {
46 | description = "The version number of the hosted configuration"
47 | value = module.appconfig.hosted_configuration_version_version_number
48 | }
49 |
50 | # Deployment strategy
51 | output "deployment_strategy_arn" {
52 | description = "The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy"
53 | value = module.appconfig.deployment_strategy_arn
54 | }
55 |
56 | output "deployment_strategy_id" {
57 | description = "The AppConfig deployment strategy ID"
58 | value = module.appconfig.deployment_strategy_id
59 | }
60 |
61 | # Deployment
62 | output "deployments" {
63 | description = "The AppConfig deployments"
64 | value = module.appconfig.deployments
65 | }
66 |
67 | # Retrieval role
68 | output "retrieval_role_arn" {
69 | description = "Amazon Resource Name (ARN) specifying the retrieval role"
70 | value = module.appconfig.retrieval_role_arn
71 | }
72 |
73 | output "retrieval_role_id" {
74 | description = "Name of the retrieval role"
75 | value = module.appconfig.retrieval_role_id
76 | }
77 |
78 | output "retrieval_role_unique_id" {
79 | description = "Stable and unique string identifying the retrieval role"
80 | value = module.appconfig.retrieval_role_unique_id
81 | }
82 |
83 | output "retrieval_role_name" {
84 | description = "Name of the retrieval role"
85 | value = module.appconfig.retrieval_role_name
86 | }
87 |
88 | output "retrieval_role_policy_arn" {
89 | description = "The ARN assigned by AWS to the retrieval role policy"
90 | value = module.appconfig.retrieval_role_policy_arn
91 | }
92 |
93 | output "retrieval_role_policy_id" {
94 | description = "The ARN assigned by AWS to the retrieval role policy"
95 | value = module.appconfig.retrieval_role_policy_id
96 | }
97 |
98 | output "retrieval_role_policy_name" {
99 | description = "The name of the policy"
100 | value = module.appconfig.retrieval_role_policy_name
101 | }
102 |
103 | output "retrieval_role_policy_policy" {
104 | description = "The retrieval role policy document"
105 | value = module.appconfig.retrieval_role_policy_policy
106 | }
107 |
108 | output "retrieval_role_policy_policy_id" {
109 | description = "The retrieval role policy ID"
110 | value = module.appconfig.retrieval_role_policy_policy_id
111 | }
112 |
--------------------------------------------------------------------------------
/examples/appconfig-hosted/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-appconfig/a7c7a0459213c7978826534ac1eb52fa030de958/examples/appconfig-hosted/variables.tf
--------------------------------------------------------------------------------
/examples/appconfig-hosted/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 1.0"
3 |
4 | required_providers {
5 | aws = {
6 | source = "hashicorp/aws"
7 | version = ">= 5.0"
8 | }
9 | archive = {
10 | source = "hashicorp/archive"
11 | version = ">= 2.0"
12 | }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/examples/s3/README.md:
--------------------------------------------------------------------------------
1 | # S3 AWS AppConfig Example
2 |
3 | Configuration in this directory creates:
4 |
5 | - AWS AppConfig application containing:
6 | - (x2) AWS AppConfig environments (`nonprod`/`prod`)
7 | - Configuration stored on S3
8 | - Lambda validation function
9 |
10 | ## Usage
11 |
12 | To run this example you need to execute:
13 |
14 | ```bash
15 | $ terraform init
16 | $ terraform plan
17 | $ terraform apply
18 | ```
19 |
20 | Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
21 |
22 |
23 | ## Requirements
24 |
25 | | Name | Version |
26 | |------|---------|
27 | | [terraform](#requirement\_terraform) | >= 1.0 |
28 | | [archive](#requirement\_archive) | >= 2.0 |
29 | | [aws](#requirement\_aws) | >= 5.0 |
30 |
31 | ## Providers
32 |
33 | | Name | Version |
34 | |------|---------|
35 | | [archive](#provider\_archive) | >= 2.0 |
36 | | [aws](#provider\_aws) | >= 5.0 |
37 |
38 | ## Modules
39 |
40 | | Name | Source | Version |
41 | |------|--------|---------|
42 | | [appconfig](#module\_appconfig) | ../../ | n/a |
43 | | [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 |
44 | | [validate\_lambda](#module\_validate\_lambda) | terraform-aws-modules/lambda/aws | ~> 6.0 |
45 |
46 | ## Resources
47 |
48 | | Name | Type |
49 | |------|------|
50 | | [aws_s3_object.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_object) | resource |
51 | | [archive_file.lambda_handler](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
52 | | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
53 | | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
54 |
55 | ## Inputs
56 |
57 | No inputs.
58 |
59 | ## Outputs
60 |
61 | | Name | Description |
62 | |------|-------------|
63 | | [application\_arn](#output\_application\_arn) | The Amazon Resource Name (ARN) of the AppConfig Application |
64 | | [application\_id](#output\_application\_id) | The AppConfig application ID |
65 | | [configuration\_profile\_arn](#output\_configuration\_profile\_arn) | The Amazon Resource Name (ARN) of the AppConfig Configuration Profile |
66 | | [configuration\_profile\_configuration\_profile\_id](#output\_configuration\_profile\_configuration\_profile\_id) | The configuration profile ID |
67 | | [configuration\_profile\_id](#output\_configuration\_profile\_id) | The AppConfig configuration profile ID and application ID separated by a colon (:) |
68 | | [deployment\_strategy\_arn](#output\_deployment\_strategy\_arn) | The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy |
69 | | [deployment\_strategy\_id](#output\_deployment\_strategy\_id) | The AppConfig deployment strategy ID |
70 | | [deployments](#output\_deployments) | The AppConfig deployments |
71 | | [environments](#output\_environments) | The AppConfig environments |
72 | | [hosted\_configuration\_version\_arn](#output\_hosted\_configuration\_version\_arn) | The Amazon Resource Name (ARN) of the AppConfig hosted configuration version |
73 | | [hosted\_configuration\_version\_id](#output\_hosted\_configuration\_version\_id) | The AppConfig application ID, configuration profile ID, and version number separated by a slash (/) |
74 | | [hosted\_configuration\_version\_version\_number](#output\_hosted\_configuration\_version\_version\_number) | The version number of the hosted configuration |
75 | | [retrieval\_role\_arn](#output\_retrieval\_role\_arn) | Amazon Resource Name (ARN) specifying the retrieval role |
76 | | [retrieval\_role\_id](#output\_retrieval\_role\_id) | Name of the retrieval role |
77 | | [retrieval\_role\_name](#output\_retrieval\_role\_name) | Name of the retrieval role |
78 | | [retrieval\_role\_policy\_arn](#output\_retrieval\_role\_policy\_arn) | The ARN assigned by AWS to the retrieval role policy |
79 | | [retrieval\_role\_policy\_id](#output\_retrieval\_role\_policy\_id) | The ARN assigned by AWS to the retrieval role policy |
80 | | [retrieval\_role\_policy\_name](#output\_retrieval\_role\_policy\_name) | The name of the policy |
81 | | [retrieval\_role\_policy\_policy](#output\_retrieval\_role\_policy\_policy) | The retrieval role policy document |
82 | | [retrieval\_role\_policy\_policy\_id](#output\_retrieval\_role\_policy\_policy\_id) | The retrieval role policy ID |
83 | | [retrieval\_role\_unique\_id](#output\_retrieval\_role\_unique\_id) | Stable and unique string identifying the retrieval role |
84 |
85 |
86 | Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-appconfig/blob/master/LICENSE).
87 |
--------------------------------------------------------------------------------
/examples/s3/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | region = local.region
3 | }
4 |
5 | locals {
6 | region = "us-east-1"
7 | name = "ex-${basename(path.cwd)}"
8 |
9 | tags = {
10 | Name = local.name
11 | Example = local.name
12 | Repository = "https://github.com/terraform-aws-modules/terraform-aws-appconfig"
13 | }
14 | }
15 |
16 | data "aws_region" "current" {}
17 | data "aws_caller_identity" "current" {}
18 |
19 | ################################################################################
20 | # AppConfig
21 | ################################################################################
22 |
23 | module "appconfig" {
24 | source = "../../"
25 |
26 | name = local.name
27 | description = "S3 - ${local.name}"
28 |
29 | # environments
30 | environments = {
31 | nonprod = {
32 | name = "nonprod"
33 | description = "NonProd environment - ${local.name}"
34 | },
35 | prod = {
36 | name = "prod"
37 | description = "Prod environment - ${local.name}"
38 | }
39 | }
40 |
41 | # configuration profile
42 | use_s3_configuration = true
43 | s3_configuration_bucket_arn = module.s3_bucket.s3_bucket_arn
44 | retrieval_role_description = "Role to retrieve configuration stored in S3"
45 | config_profile_location_uri = "s3://${module.s3_bucket.s3_bucket_id}/${aws_s3_object.config.id}"
46 | config_profile_validator = [{
47 | type = "JSON_SCHEMA"
48 | content = file("../_configs/config_validator.json")
49 | }, {
50 | type = "LAMBDA"
51 | content = module.validate_lambda.lambda_function_arn
52 | }]
53 |
54 | # deployment
55 | deployment_configuration_version = aws_s3_object.config.version_id
56 |
57 | tags = local.tags
58 | }
59 |
60 | ################################################################################
61 | # Supporting Resources
62 | ################################################################################
63 |
64 | data "archive_file" "lambda_handler" {
65 | type = "zip"
66 | source_file = "../_configs/validate.py"
67 | output_path = "../_configs/validate.zip"
68 | }
69 |
70 | module "validate_lambda" {
71 | source = "terraform-aws-modules/lambda/aws"
72 | version = "~> 6.0"
73 |
74 | function_name = local.name
75 | description = "Configuration semantic validation lambda"
76 | handler = "validate.handler"
77 | runtime = "python3.9"
78 | publish = true
79 | memory_size = 512
80 | timeout = 120
81 |
82 | cloudwatch_logs_retention_in_days = 7
83 | attach_tracing_policy = true
84 | tracing_mode = "Active"
85 |
86 | create_package = false
87 | local_existing_package = data.archive_file.lambda_handler.output_path
88 |
89 | allowed_triggers = {
90 | AppConfig = {
91 | service = "appconfig"
92 | },
93 | }
94 |
95 | tags = local.tags
96 | }
97 |
98 | module "s3_bucket" {
99 | source = "terraform-aws-modules/s3-bucket/aws"
100 | version = "~> 3.0"
101 |
102 | bucket = "${local.name}-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
103 | acl = "private"
104 |
105 | attach_deny_insecure_transport_policy = true
106 |
107 | # Intended for example use only
108 | force_destroy = true
109 |
110 | server_side_encryption_configuration = {
111 | rule = {
112 | apply_server_side_encryption_by_default = {
113 | sse_algorithm = "AES256"
114 | }
115 | }
116 | }
117 |
118 | versioning = {
119 | enabled = true
120 | }
121 |
122 | tags = local.tags
123 | }
124 |
125 | resource "aws_s3_object" "config" {
126 | bucket = module.s3_bucket.s3_bucket_id
127 | key = "s3/config.json"
128 | source = "../_configs/config.json"
129 | etag = filemd5("../_configs/config.json")
130 | server_side_encryption = "AES256"
131 |
132 | tags = local.tags
133 | }
134 |
--------------------------------------------------------------------------------
/examples/s3/outputs.tf:
--------------------------------------------------------------------------------
1 | # Application
2 | output "application_arn" {
3 | description = "The Amazon Resource Name (ARN) of the AppConfig Application"
4 | value = module.appconfig.application_arn
5 | }
6 |
7 | output "application_id" {
8 | description = "The AppConfig application ID"
9 | value = module.appconfig.application_id
10 | }
11 |
12 | # Environments
13 | output "environments" {
14 | description = "The AppConfig environments"
15 | value = module.appconfig.environments
16 | }
17 |
18 | # Configuration profile
19 | output "configuration_profile_arn" {
20 | description = "The Amazon Resource Name (ARN) of the AppConfig Configuration Profile"
21 | value = module.appconfig.configuration_profile_arn
22 | }
23 |
24 | output "configuration_profile_configuration_profile_id" {
25 | description = "The configuration profile ID"
26 | value = module.appconfig.configuration_profile_configuration_profile_id
27 | }
28 |
29 | output "configuration_profile_id" {
30 | description = "The AppConfig configuration profile ID and application ID separated by a colon (:)"
31 | value = module.appconfig.configuration_profile_id
32 | }
33 |
34 | # Hosted configuration version
35 | output "hosted_configuration_version_arn" {
36 | description = "The Amazon Resource Name (ARN) of the AppConfig hosted configuration version"
37 | value = module.appconfig.hosted_configuration_version_arn
38 | }
39 |
40 | output "hosted_configuration_version_id" {
41 | description = "The AppConfig application ID, configuration profile ID, and version number separated by a slash (/)"
42 | value = module.appconfig.hosted_configuration_version_id
43 | }
44 |
45 | output "hosted_configuration_version_version_number" {
46 | description = "The version number of the hosted configuration"
47 | value = module.appconfig.hosted_configuration_version_version_number
48 | }
49 |
50 | # Deployment strategy
51 | output "deployment_strategy_arn" {
52 | description = "The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy"
53 | value = module.appconfig.deployment_strategy_arn
54 | }
55 |
56 | output "deployment_strategy_id" {
57 | description = "The AppConfig deployment strategy ID"
58 | value = module.appconfig.deployment_strategy_id
59 | }
60 |
61 | # Deployment
62 | output "deployments" {
63 | description = "The AppConfig deployments"
64 | value = module.appconfig.deployments
65 | }
66 |
67 | # Retrieval role
68 | output "retrieval_role_arn" {
69 | description = "Amazon Resource Name (ARN) specifying the retrieval role"
70 | value = module.appconfig.retrieval_role_arn
71 | }
72 |
73 | output "retrieval_role_id" {
74 | description = "Name of the retrieval role"
75 | value = module.appconfig.retrieval_role_id
76 | }
77 |
78 | output "retrieval_role_unique_id" {
79 | description = "Stable and unique string identifying the retrieval role"
80 | value = module.appconfig.retrieval_role_unique_id
81 | }
82 |
83 | output "retrieval_role_name" {
84 | description = "Name of the retrieval role"
85 | value = module.appconfig.retrieval_role_name
86 | }
87 |
88 | output "retrieval_role_policy_arn" {
89 | description = "The ARN assigned by AWS to the retrieval role policy"
90 | value = module.appconfig.retrieval_role_policy_arn
91 | }
92 |
93 | output "retrieval_role_policy_id" {
94 | description = "The ARN assigned by AWS to the retrieval role policy"
95 | value = module.appconfig.retrieval_role_policy_id
96 | }
97 |
98 | output "retrieval_role_policy_name" {
99 | description = "The name of the policy"
100 | value = module.appconfig.retrieval_role_policy_name
101 | }
102 |
103 | output "retrieval_role_policy_policy" {
104 | description = "The retrieval role policy document"
105 | value = module.appconfig.retrieval_role_policy_policy
106 | }
107 |
108 | output "retrieval_role_policy_policy_id" {
109 | description = "The retrieval role policy ID"
110 | value = module.appconfig.retrieval_role_policy_policy_id
111 | }
112 |
--------------------------------------------------------------------------------
/examples/s3/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-appconfig/a7c7a0459213c7978826534ac1eb52fa030de958/examples/s3/variables.tf
--------------------------------------------------------------------------------
/examples/s3/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 1.0"
3 |
4 | required_providers {
5 | aws = {
6 | source = "hashicorp/aws"
7 | version = ">= 5.0"
8 | }
9 | archive = {
10 | source = "hashicorp/archive"
11 | version = ">= 2.0"
12 | }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/examples/ssm-document/README.md:
--------------------------------------------------------------------------------
1 | # SSM Document AWS AppConfig Example
2 |
3 | ### :warning: Note - this example does work at this time due to the Terraform AWS provider lacking support for AppConfig using an SSM Document
4 |
5 | Configuration in this directory creates:
6 |
7 | - AWS AppConfig application containing (x2) AWS AppConfig environments (`nonprod`/`prod`) with configuration stored in an SSM Document
8 |
9 | ## Usage
10 |
11 | To run this example you need to execute:
12 |
13 | ```bash
14 | $ terraform init
15 | $ terraform plan
16 | $ terraform apply
17 | ```
18 |
19 | Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
20 |
21 |
22 | ## Requirements
23 |
24 | | Name | Version |
25 | |------|---------|
26 | | [terraform](#requirement\_terraform) | >= 1.0 |
27 | | [aws](#requirement\_aws) | >= 5.0 |
28 |
29 | ## Providers
30 |
31 | | Name | Version |
32 | |------|---------|
33 | | [aws](#provider\_aws) | >= 5.0 |
34 |
35 | ## Modules
36 |
37 | | Name | Source | Version |
38 | |------|--------|---------|
39 | | [appconfig](#module\_appconfig) | ../../ | n/a |
40 |
41 | ## Resources
42 |
43 | | Name | Type |
44 | |------|------|
45 | | [aws_ssm_document.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document) | resource |
46 | | [aws_ssm_document.config_schema](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_document) | resource |
47 |
48 | ## Inputs
49 |
50 | No inputs.
51 |
52 | ## Outputs
53 |
54 | | Name | Description |
55 | |------|-------------|
56 | | [application\_arn](#output\_application\_arn) | The Amazon Resource Name (ARN) of the AppConfig Application |
57 | | [application\_id](#output\_application\_id) | The AppConfig application ID |
58 | | [configuration\_profile\_arn](#output\_configuration\_profile\_arn) | The Amazon Resource Name (ARN) of the AppConfig Configuration Profile |
59 | | [configuration\_profile\_configuration\_profile\_id](#output\_configuration\_profile\_configuration\_profile\_id) | The configuration profile ID |
60 | | [configuration\_profile\_id](#output\_configuration\_profile\_id) | The AppConfig configuration profile ID and application ID separated by a colon (:) |
61 | | [deployment\_strategy\_arn](#output\_deployment\_strategy\_arn) | The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy |
62 | | [deployment\_strategy\_id](#output\_deployment\_strategy\_id) | The AppConfig deployment strategy ID |
63 | | [deployments](#output\_deployments) | The AppConfig deployments |
64 | | [environments](#output\_environments) | The AppConfig environments |
65 | | [hosted\_configuration\_version\_arn](#output\_hosted\_configuration\_version\_arn) | The Amazon Resource Name (ARN) of the AppConfig hosted configuration version |
66 | | [hosted\_configuration\_version\_id](#output\_hosted\_configuration\_version\_id) | The AppConfig application ID, configuration profile ID, and version number separated by a slash (/) |
67 | | [hosted\_configuration\_version\_version\_number](#output\_hosted\_configuration\_version\_version\_number) | The version number of the hosted configuration |
68 | | [retrieval\_role\_arn](#output\_retrieval\_role\_arn) | Amazon Resource Name (ARN) specifying the retrieval role |
69 | | [retrieval\_role\_id](#output\_retrieval\_role\_id) | Name of the retrieval role |
70 | | [retrieval\_role\_name](#output\_retrieval\_role\_name) | Name of the retrieval role |
71 | | [retrieval\_role\_policy\_arn](#output\_retrieval\_role\_policy\_arn) | The ARN assigned by AWS to the retrieval role policy |
72 | | [retrieval\_role\_policy\_id](#output\_retrieval\_role\_policy\_id) | The ARN assigned by AWS to the retrieval role policy |
73 | | [retrieval\_role\_policy\_name](#output\_retrieval\_role\_policy\_name) | The name of the policy |
74 | | [retrieval\_role\_policy\_policy](#output\_retrieval\_role\_policy\_policy) | The retrieval role policy document |
75 | | [retrieval\_role\_policy\_policy\_id](#output\_retrieval\_role\_policy\_policy\_id) | The retrieval role policy ID |
76 | | [retrieval\_role\_unique\_id](#output\_retrieval\_role\_unique\_id) | Stable and unique string identifying the retrieval role |
77 |
78 |
79 | Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-appconfig/blob/master/LICENSE).
80 |
--------------------------------------------------------------------------------
/examples/ssm-document/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | region = local.region
3 | }
4 |
5 | locals {
6 | region = "us-east-1"
7 | name = "ex-${basename(path.cwd)}"
8 |
9 | tags = {
10 | Name = local.name
11 | Example = local.name
12 | Repository = "https://github.com/terraform-aws-modules/terraform-aws-appconfig"
13 | }
14 | }
15 |
16 | ################################################################################
17 | # AppConfig
18 | ################################################################################
19 |
20 | module "appconfig" {
21 | source = "../../"
22 |
23 | name = local.name
24 | description = "SSM Document - ${local.name}"
25 |
26 | # environments
27 | environments = {
28 | nonprod = {
29 | name = "nonprod"
30 | description = "NonProd environment - ${local.name}"
31 | },
32 | prod = {
33 | name = "prod"
34 | description = "Prod environment - ${local.name}"
35 | }
36 | }
37 |
38 | # configuration profile
39 | use_ssm_document_configuration = true
40 | ssm_document_configuration_arn = aws_ssm_document.config.arn
41 | retrieval_role_description = "Role to retrieve configuration stored in SSM document"
42 | config_profile_location_uri = "ssm-document://${aws_ssm_document.config.name}"
43 | config_profile_validator = [{
44 | type = "JSON_SCHEMA"
45 | content = aws_ssm_document.config_schema.content
46 | }]
47 |
48 | # deployment
49 | deployment_configuration_version = aws_ssm_document.config.latest_version
50 |
51 | tags = local.tags
52 | }
53 |
54 | ################################################################################
55 | # Supporting Resources
56 | ################################################################################
57 |
58 | resource "aws_ssm_document" "config_schema" {
59 | name = local.name
60 | content = file("../_configs/config_validator.json")
61 | document_format = "JSON"
62 | document_type = "ApplicationConfigurationSchema"
63 |
64 | tags = local.tags
65 | }
66 |
67 | resource "aws_ssm_document" "config" {
68 | name = local.name
69 | content = file("../_configs/config.json")
70 | document_format = "JSON"
71 | document_type = "ApplicationConfiguration"
72 | # NOTE - this does not work - it is not supported in the AWS provider yet
73 | # However, the AWS API requires something like this
74 | # document_requires = [{
75 | # name = aws_ssm_document.config_schema.name
76 | # version = aws_ssm_document.config_schema.latest_version
77 | # }]
78 |
79 | tags = local.tags
80 | }
81 |
--------------------------------------------------------------------------------
/examples/ssm-document/outputs.tf:
--------------------------------------------------------------------------------
1 | # Application
2 | output "application_arn" {
3 | description = "The Amazon Resource Name (ARN) of the AppConfig Application"
4 | value = module.appconfig.application_arn
5 | }
6 |
7 | output "application_id" {
8 | description = "The AppConfig application ID"
9 | value = module.appconfig.application_id
10 | }
11 |
12 | # Environments
13 | output "environments" {
14 | description = "The AppConfig environments"
15 | value = module.appconfig.environments
16 | }
17 |
18 | # Configuration profile
19 | output "configuration_profile_arn" {
20 | description = "The Amazon Resource Name (ARN) of the AppConfig Configuration Profile"
21 | value = module.appconfig.configuration_profile_arn
22 | }
23 |
24 | output "configuration_profile_configuration_profile_id" {
25 | description = "The configuration profile ID"
26 | value = module.appconfig.configuration_profile_configuration_profile_id
27 | }
28 |
29 | output "configuration_profile_id" {
30 | description = "The AppConfig configuration profile ID and application ID separated by a colon (:)"
31 | value = module.appconfig.configuration_profile_id
32 | }
33 |
34 | # Hosted configuration version
35 | output "hosted_configuration_version_arn" {
36 | description = "The Amazon Resource Name (ARN) of the AppConfig hosted configuration version"
37 | value = module.appconfig.hosted_configuration_version_arn
38 | }
39 |
40 | output "hosted_configuration_version_id" {
41 | description = "The AppConfig application ID, configuration profile ID, and version number separated by a slash (/)"
42 | value = module.appconfig.hosted_configuration_version_id
43 | }
44 |
45 | output "hosted_configuration_version_version_number" {
46 | description = "The version number of the hosted configuration"
47 | value = module.appconfig.hosted_configuration_version_version_number
48 | }
49 |
50 | # Deployment strategy
51 | output "deployment_strategy_arn" {
52 | description = "The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy"
53 | value = module.appconfig.deployment_strategy_arn
54 | }
55 |
56 | output "deployment_strategy_id" {
57 | description = "The AppConfig deployment strategy ID"
58 | value = module.appconfig.deployment_strategy_id
59 | }
60 |
61 | # Deployment
62 | output "deployments" {
63 | description = "The AppConfig deployments"
64 | value = module.appconfig.deployments
65 | }
66 |
67 | # Retrieval role
68 | output "retrieval_role_arn" {
69 | description = "Amazon Resource Name (ARN) specifying the retrieval role"
70 | value = module.appconfig.retrieval_role_arn
71 | }
72 |
73 | output "retrieval_role_id" {
74 | description = "Name of the retrieval role"
75 | value = module.appconfig.retrieval_role_id
76 | }
77 |
78 | output "retrieval_role_unique_id" {
79 | description = "Stable and unique string identifying the retrieval role"
80 | value = module.appconfig.retrieval_role_unique_id
81 | }
82 |
83 | output "retrieval_role_name" {
84 | description = "Name of the retrieval role"
85 | value = module.appconfig.retrieval_role_name
86 | }
87 |
88 | output "retrieval_role_policy_arn" {
89 | description = "The ARN assigned by AWS to the retrieval role policy"
90 | value = module.appconfig.retrieval_role_policy_arn
91 | }
92 |
93 | output "retrieval_role_policy_id" {
94 | description = "The ARN assigned by AWS to the retrieval role policy"
95 | value = module.appconfig.retrieval_role_policy_id
96 | }
97 |
98 | output "retrieval_role_policy_name" {
99 | description = "The name of the policy"
100 | value = module.appconfig.retrieval_role_policy_name
101 | }
102 |
103 | output "retrieval_role_policy_policy" {
104 | description = "The retrieval role policy document"
105 | value = module.appconfig.retrieval_role_policy_policy
106 | }
107 |
108 | output "retrieval_role_policy_policy_id" {
109 | description = "The retrieval role policy ID"
110 | value = module.appconfig.retrieval_role_policy_policy_id
111 | }
112 |
--------------------------------------------------------------------------------
/examples/ssm-document/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-appconfig/a7c7a0459213c7978826534ac1eb52fa030de958/examples/ssm-document/variables.tf
--------------------------------------------------------------------------------
/examples/ssm-document/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 1.0"
3 |
4 | required_providers {
5 | aws = {
6 | source = "hashicorp/aws"
7 | version = ">= 5.0"
8 | }
9 | }
10 | }
11 |
--------------------------------------------------------------------------------
/examples/ssm-parameter/README.md:
--------------------------------------------------------------------------------
1 | # SSM Parameter AWS AppConfig Example
2 |
3 | Configuration in this directory creates:
4 |
5 | - AWS AppConfig application containing:
6 | - (x2) AWS AppConfig environments (`nonprod`/`prod`)
7 | - Configuration stored in an SSM Parameter
8 | - Lambda validation function
9 |
10 | ## Usage
11 |
12 | To run this example you need to execute:
13 |
14 | ```bash
15 | $ terraform init
16 | $ terraform plan
17 | $ terraform apply
18 | ```
19 |
20 | Note that this example may create resources which will incur monetary charges on your AWS bill. Run `terraform destroy` when you no longer need these resources.
21 |
22 |
23 | ## Requirements
24 |
25 | | Name | Version |
26 | |------|---------|
27 | | [terraform](#requirement\_terraform) | >= 1.0 |
28 | | [archive](#requirement\_archive) | >= 2.0 |
29 | | [aws](#requirement\_aws) | >= 5.0 |
30 |
31 | ## Providers
32 |
33 | | Name | Version |
34 | |------|---------|
35 | | [archive](#provider\_archive) | >= 2.0 |
36 | | [aws](#provider\_aws) | >= 5.0 |
37 |
38 | ## Modules
39 |
40 | | Name | Source | Version |
41 | |------|--------|---------|
42 | | [appconfig](#module\_appconfig) | ../../ | n/a |
43 | | [validate\_lambda](#module\_validate\_lambda) | terraform-aws-modules/lambda/aws | ~> 6.0 |
44 |
45 | ## Resources
46 |
47 | | Name | Type |
48 | |------|------|
49 | | [aws_ssm_parameter.config](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter) | resource |
50 | | [archive_file.lambda_handler](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
51 |
52 | ## Inputs
53 |
54 | No inputs.
55 |
56 | ## Outputs
57 |
58 | | Name | Description |
59 | |------|-------------|
60 | | [application\_arn](#output\_application\_arn) | The Amazon Resource Name (ARN) of the AppConfig Application |
61 | | [application\_id](#output\_application\_id) | The AppConfig application ID |
62 | | [configuration\_profile\_arn](#output\_configuration\_profile\_arn) | The Amazon Resource Name (ARN) of the AppConfig Configuration Profile |
63 | | [configuration\_profile\_configuration\_profile\_id](#output\_configuration\_profile\_configuration\_profile\_id) | The configuration profile ID |
64 | | [configuration\_profile\_id](#output\_configuration\_profile\_id) | The AppConfig configuration profile ID and application ID separated by a colon (:) |
65 | | [deployment\_strategy\_arn](#output\_deployment\_strategy\_arn) | The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy |
66 | | [deployment\_strategy\_id](#output\_deployment\_strategy\_id) | The AppConfig deployment strategy ID |
67 | | [deployments](#output\_deployments) | The AppConfig deployments |
68 | | [environments](#output\_environments) | The AppConfig environments |
69 | | [hosted\_configuration\_version\_arn](#output\_hosted\_configuration\_version\_arn) | The Amazon Resource Name (ARN) of the AppConfig hosted configuration version |
70 | | [hosted\_configuration\_version\_id](#output\_hosted\_configuration\_version\_id) | The AppConfig application ID, configuration profile ID, and version number separated by a slash (/) |
71 | | [hosted\_configuration\_version\_version\_number](#output\_hosted\_configuration\_version\_version\_number) | The version number of the hosted configuration |
72 | | [retrieval\_role\_arn](#output\_retrieval\_role\_arn) | Amazon Resource Name (ARN) specifying the retrieval role |
73 | | [retrieval\_role\_id](#output\_retrieval\_role\_id) | Name of the retrieval role |
74 | | [retrieval\_role\_name](#output\_retrieval\_role\_name) | Name of the retrieval role |
75 | | [retrieval\_role\_policy\_arn](#output\_retrieval\_role\_policy\_arn) | The ARN assigned by AWS to the retrieval role policy |
76 | | [retrieval\_role\_policy\_id](#output\_retrieval\_role\_policy\_id) | The ARN assigned by AWS to the retrieval role policy |
77 | | [retrieval\_role\_policy\_name](#output\_retrieval\_role\_policy\_name) | The name of the policy |
78 | | [retrieval\_role\_policy\_policy](#output\_retrieval\_role\_policy\_policy) | The retrieval role policy document |
79 | | [retrieval\_role\_policy\_policy\_id](#output\_retrieval\_role\_policy\_policy\_id) | The retrieval role policy ID |
80 | | [retrieval\_role\_unique\_id](#output\_retrieval\_role\_unique\_id) | Stable and unique string identifying the retrieval role |
81 |
82 |
83 | Apache-2.0 Licensed. See [LICENSE](https://github.com/terraform-aws-modules/terraform-aws-appconfig/blob/master/LICENSE).
84 |
--------------------------------------------------------------------------------
/examples/ssm-parameter/main.tf:
--------------------------------------------------------------------------------
1 | provider "aws" {
2 | region = local.region
3 | }
4 |
5 | locals {
6 | region = "us-east-1"
7 | name = "ex-${basename(path.cwd)}"
8 |
9 | tags = {
10 | Name = local.name
11 | Example = local.name
12 | Repository = "https://github.com/terraform-aws-modules/terraform-aws-appconfig"
13 | }
14 | }
15 |
16 | ################################################################################
17 | # AppConfig
18 | ################################################################################
19 |
20 | module "appconfig" {
21 | source = "../../"
22 |
23 | name = local.name
24 | description = "SSM Parameter - ${local.name}"
25 |
26 | # environments
27 | environments = {
28 | nonprod = {
29 | name = "nonprod"
30 | description = "NonProd environment - ${local.name}"
31 | },
32 | prod = {
33 | name = "prod"
34 | description = "Prod environment - ${local.name}"
35 | }
36 | }
37 |
38 | # configuration profile
39 | use_ssm_parameter_configuration = true
40 | ssm_parameter_configuration_arn = aws_ssm_parameter.config.arn
41 | retrieval_role_description = "Role to retrieve configuration stored in SSM parameter"
42 | config_profile_location_uri = "ssm-parameter://${aws_ssm_parameter.config.name}"
43 | config_profile_validator = [{
44 | # # SSM parameters do not require a validation method, but it is recommended that you create a validation check
45 | # # for new or updated SSM parameter configurations by using AWS Lambda.
46 | # type = "JSON_SCHEMA"
47 | # content = file("../_configs/config_validator.json")
48 | # }, {
49 | type = "LAMBDA"
50 | content = module.validate_lambda.lambda_function_arn
51 | }]
52 |
53 | # deployment
54 | deployment_configuration_version = aws_ssm_parameter.config.version
55 |
56 | tags = local.tags
57 | }
58 |
59 | ################################################################################
60 | # Supporting Resources
61 | ################################################################################
62 |
63 | data "archive_file" "lambda_handler" {
64 | type = "zip"
65 | source_file = "../_configs/validate.py"
66 | output_path = "../_configs/validate.zip"
67 | }
68 |
69 | module "validate_lambda" {
70 | source = "terraform-aws-modules/lambda/aws"
71 | version = "~> 6.0"
72 |
73 | function_name = local.name
74 | description = "Configuration semantic validation lambda"
75 | handler = "validate.handler"
76 | runtime = "python3.9"
77 | publish = true
78 | memory_size = 512
79 | timeout = 120
80 |
81 | cloudwatch_logs_retention_in_days = 7
82 | attach_tracing_policy = true
83 | tracing_mode = "Active"
84 |
85 | create_package = false
86 | local_existing_package = data.archive_file.lambda_handler.output_path
87 |
88 | allowed_triggers = {
89 | AppConfig = {
90 | service = "appconfig"
91 | },
92 | }
93 |
94 | tags = local.tags
95 | }
96 |
97 | resource "aws_ssm_parameter" "config" {
98 | name = local.name
99 | description = "Example SSM parameter for ${local.name}"
100 |
101 | type = "String"
102 | value = jsonencode(file("../_configs/config.json"))
103 |
104 | tags = local.tags
105 | }
106 |
--------------------------------------------------------------------------------
/examples/ssm-parameter/outputs.tf:
--------------------------------------------------------------------------------
1 | # Application
2 | output "application_arn" {
3 | description = "The Amazon Resource Name (ARN) of the AppConfig Application"
4 | value = module.appconfig.application_arn
5 | }
6 |
7 | output "application_id" {
8 | description = "The AppConfig application ID"
9 | value = module.appconfig.application_id
10 | }
11 |
12 | # Environments
13 | output "environments" {
14 | description = "The AppConfig environments"
15 | value = module.appconfig.environments
16 | }
17 |
18 | # Configuration profile
19 | output "configuration_profile_arn" {
20 | description = "The Amazon Resource Name (ARN) of the AppConfig Configuration Profile"
21 | value = module.appconfig.configuration_profile_arn
22 | }
23 |
24 | output "configuration_profile_configuration_profile_id" {
25 | description = "The configuration profile ID"
26 | value = module.appconfig.configuration_profile_configuration_profile_id
27 | }
28 |
29 | output "configuration_profile_id" {
30 | description = "The AppConfig configuration profile ID and application ID separated by a colon (:)"
31 | value = module.appconfig.configuration_profile_id
32 | }
33 |
34 | # Hosted configuration version
35 | output "hosted_configuration_version_arn" {
36 | description = "The Amazon Resource Name (ARN) of the AppConfig hosted configuration version"
37 | value = module.appconfig.hosted_configuration_version_arn
38 | }
39 |
40 | output "hosted_configuration_version_id" {
41 | description = "The AppConfig application ID, configuration profile ID, and version number separated by a slash (/)"
42 | value = module.appconfig.hosted_configuration_version_id
43 | }
44 |
45 | output "hosted_configuration_version_version_number" {
46 | description = "The version number of the hosted configuration"
47 | value = module.appconfig.hosted_configuration_version_version_number
48 | }
49 |
50 | # Deployment strategy
51 | output "deployment_strategy_arn" {
52 | description = "The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy"
53 | value = module.appconfig.deployment_strategy_arn
54 | }
55 |
56 | output "deployment_strategy_id" {
57 | description = "The AppConfig deployment strategy ID"
58 | value = module.appconfig.deployment_strategy_id
59 | }
60 |
61 | # Deployment
62 | output "deployments" {
63 | description = "The AppConfig deployments"
64 | value = module.appconfig.deployments
65 | }
66 |
67 | # Retrieval role
68 | output "retrieval_role_arn" {
69 | description = "Amazon Resource Name (ARN) specifying the retrieval role"
70 | value = module.appconfig.retrieval_role_arn
71 | }
72 |
73 | output "retrieval_role_id" {
74 | description = "Name of the retrieval role"
75 | value = module.appconfig.retrieval_role_id
76 | }
77 |
78 | output "retrieval_role_unique_id" {
79 | description = "Stable and unique string identifying the retrieval role"
80 | value = module.appconfig.retrieval_role_unique_id
81 | }
82 |
83 | output "retrieval_role_name" {
84 | description = "Name of the retrieval role"
85 | value = module.appconfig.retrieval_role_name
86 | }
87 |
88 | output "retrieval_role_policy_arn" {
89 | description = "The ARN assigned by AWS to the retrieval role policy"
90 | value = module.appconfig.retrieval_role_policy_arn
91 | }
92 |
93 | output "retrieval_role_policy_id" {
94 | description = "The ARN assigned by AWS to the retrieval role policy"
95 | value = module.appconfig.retrieval_role_policy_id
96 | }
97 |
98 | output "retrieval_role_policy_name" {
99 | description = "The name of the policy"
100 | value = module.appconfig.retrieval_role_policy_name
101 | }
102 |
103 | output "retrieval_role_policy_policy" {
104 | description = "The retrieval role policy document"
105 | value = module.appconfig.retrieval_role_policy_policy
106 | }
107 |
108 | output "retrieval_role_policy_policy_id" {
109 | description = "The retrieval role policy ID"
110 | value = module.appconfig.retrieval_role_policy_policy_id
111 | }
112 |
--------------------------------------------------------------------------------
/examples/ssm-parameter/variables.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/terraform-aws-modules/terraform-aws-appconfig/a7c7a0459213c7978826534ac1eb52fa030de958/examples/ssm-parameter/variables.tf
--------------------------------------------------------------------------------
/examples/ssm-parameter/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 1.0"
3 |
4 | required_providers {
5 | aws = {
6 | source = "hashicorp/aws"
7 | version = ">= 5.0"
8 | }
9 | archive = {
10 | source = "hashicorp/archive"
11 | version = ">= 2.0"
12 | }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/main.tf:
--------------------------------------------------------------------------------
1 | locals {
2 | retrieval_role_arn = var.create_retrieval_role ? try(aws_iam_role.retrieval[0].arn, null) : var.config_profile_retrieval_role_arn
3 | retrieval_role_name = var.retrieval_role_use_name_prefix ? null : coalesce(var.retrieval_role_name, var.name)
4 | retrieval_role_name_prefix = var.retrieval_role_use_name_prefix ? "${coalesce(var.retrieval_role_name, var.name)}-" : null
5 | }
6 |
7 | resource "aws_appconfig_application" "this" {
8 | count = var.create ? 1 : 0
9 |
10 | name = var.name
11 | description = var.description
12 |
13 | # Hack to ensure permissions are available before config is retrieved by deployment
14 | depends_on = [
15 | aws_iam_role_policy_attachment.retrieval,
16 | ]
17 |
18 | # Hack to ensure permissions are available before config is retrieved by deployment
19 | provisioner "local-exec" {
20 | command = "sleep 10"
21 | }
22 |
23 | tags = var.tags
24 | }
25 |
26 | resource "aws_appconfig_environment" "this" {
27 | for_each = { for k, v in var.environments : k => v if var.create }
28 |
29 | name = lookup(each.value, "name", var.name)
30 | description = lookup(each.value, "description", var.description)
31 | application_id = aws_appconfig_application.this[0].id
32 |
33 | dynamic "monitor" {
34 | for_each = lookup(each.value, "monitor", {})
35 | content {
36 | alarm_arn = monitor.value.alarm_arn
37 | alarm_role_arn = lookup(monitor.value, "alarm_role_arn", null)
38 | }
39 | }
40 |
41 | tags = merge(var.tags, lookup(each.value, "tags", {}))
42 | }
43 |
44 | resource "aws_appconfig_configuration_profile" "this" {
45 | count = var.create ? 1 : 0
46 |
47 | application_id = aws_appconfig_application.this[0].id
48 |
49 | name = coalesce(var.config_profile_name, var.name)
50 | description = coalesce(var.config_profile_description, var.description)
51 | type = var.config_profile_type
52 |
53 | location_uri = var.config_profile_location_uri
54 | retrieval_role_arn = var.use_hosted_configuration ? null : local.retrieval_role_arn
55 |
56 | dynamic "validator" {
57 | for_each = var.config_profile_validator
58 | content {
59 | content = lookup(validator.value, "content", null)
60 | type = lookup(validator.value, "type", null)
61 | }
62 | }
63 |
64 | tags = merge(var.tags, var.config_profile_tags)
65 | }
66 |
67 | resource "aws_appconfig_hosted_configuration_version" "this" {
68 | count = var.create && var.use_hosted_configuration ? 1 : 0
69 |
70 | application_id = aws_appconfig_application.this[0].id
71 | configuration_profile_id = aws_appconfig_configuration_profile.this[0].configuration_profile_id
72 |
73 | description = coalesce(var.hosted_config_version_description, var.description)
74 |
75 | content = var.hosted_config_version_content
76 | content_type = var.hosted_config_version_content_type
77 | }
78 |
79 | resource "aws_appconfig_deployment_strategy" "this" {
80 | count = var.create && var.create_deployment_strategy ? 1 : 0
81 |
82 | name = coalesce(var.deployment_strategy_name, var.name)
83 | description = coalesce(var.deployment_strategy_description, var.description)
84 |
85 | deployment_duration_in_minutes = var.deployment_strategy_deployment_duration_in_minutes
86 | final_bake_time_in_minutes = var.deployment_strategy_final_bake_time_in_minutes
87 | growth_factor = var.deployment_strategy_growth_factor
88 | growth_type = var.deployment_strategy_growth_type
89 | replicate_to = var.deployment_strategy_replicate_to
90 |
91 | tags = merge(var.tags, var.deployment_strategy_tags)
92 | }
93 |
94 | resource "aws_appconfig_deployment" "this" {
95 | for_each = var.create && (var.deployment_configuration_version != null) ? var.environments : {}
96 |
97 | description = coalesce(var.deployment_description, var.description)
98 | application_id = aws_appconfig_application.this[0].id
99 | configuration_profile_id = aws_appconfig_configuration_profile.this[0].configuration_profile_id
100 | configuration_version = var.use_hosted_configuration ? aws_appconfig_hosted_configuration_version.this[0].version_number : var.deployment_configuration_version
101 | deployment_strategy_id = var.create_deployment_strategy ? aws_appconfig_deployment_strategy.this[0].id : var.deployment_strategy_id
102 | environment_id = aws_appconfig_environment.this[each.key].environment_id
103 |
104 | tags = merge(var.tags, var.deployment_tags)
105 | }
106 |
107 | ################################################################################
108 | # Configuration retrieval role
109 | ################################################################################
110 |
111 | data "aws_iam_policy_document" "retrieval_ssm_parameter" {
112 | count = var.create && var.create_retrieval_role && var.use_ssm_parameter_configuration ? 1 : 0
113 |
114 | statement {
115 | sid = "SsmParameterConfig"
116 | actions = ["ssm:GetParameter"]
117 | resources = [var.ssm_parameter_configuration_arn]
118 | }
119 | }
120 |
121 | data "aws_iam_policy_document" "retrieval_ssm_document" {
122 | count = var.create && var.create_retrieval_role && var.use_ssm_document_configuration ? 1 : 0
123 |
124 | statement {
125 | sid = "SsmDocumentConfig"
126 | actions = ["ssm:GetDocument"]
127 | resources = [var.ssm_document_configuration_arn]
128 | }
129 | }
130 |
131 | data "aws_iam_policy_document" "retrieval_s3" {
132 | count = var.create && var.create_retrieval_role && var.use_s3_configuration ? 1 : 0
133 |
134 | statement {
135 | sid = "S3ConfigRead"
136 | actions = [
137 | "s3:GetObject",
138 | "s3:GetObjectVersion",
139 | ]
140 | resources = ["${var.s3_configuration_bucket_arn}/${var.s3_configuration_object_key}"]
141 | }
142 |
143 | statement {
144 | sid = "S3ConfigList"
145 | actions = [
146 | "s3:GetBucketLocation",
147 | "s3:GetBucketVersioning",
148 | "s3:ListBucketVersions",
149 | "s3:ListBucket",
150 | ]
151 | resources = [
152 | var.s3_configuration_bucket_arn,
153 | "${var.s3_configuration_bucket_arn}/*"
154 | ]
155 | }
156 |
157 | statement {
158 | sid = "S3ConfigListBucket"
159 | actions = [
160 | "s3:ListAllMyBuckets",
161 | ]
162 | resources = ["*"]
163 | }
164 | }
165 |
166 | data "aws_iam_policy_document" "retreival" {
167 | source_policy_documents = compact([
168 | try(data.aws_iam_policy_document.retrieval_ssm_parameter[0].json, ""),
169 | try(data.aws_iam_policy_document.retrieval_ssm_document[0].json, ""),
170 | try(data.aws_iam_policy_document.retrieval_s3[0].json, ""),
171 | ])
172 | }
173 |
174 | resource "aws_iam_policy" "retrieval" {
175 | count = var.create && var.create_retrieval_role && !var.use_hosted_configuration ? 1 : 0
176 |
177 | name = local.retrieval_role_name
178 | name_prefix = local.retrieval_role_name_prefix
179 | description = var.retrieval_role_description
180 | path = var.retrieval_role_path
181 | policy = data.aws_iam_policy_document.retreival.json
182 |
183 | tags = merge(var.tags, var.retrieval_role_tags)
184 | }
185 |
186 | resource "aws_iam_role_policy_attachment" "retrieval" {
187 | count = var.create && var.create_retrieval_role && !var.use_hosted_configuration ? 1 : 0
188 |
189 | role = aws_iam_role.retrieval[0].name
190 | policy_arn = aws_iam_policy.retrieval[0].arn
191 | }
192 |
193 | resource "aws_iam_role" "retrieval" {
194 | count = var.create && var.create_retrieval_role && !var.use_hosted_configuration ? 1 : 0
195 |
196 | name = local.retrieval_role_name
197 | name_prefix = local.retrieval_role_name_prefix
198 | description = var.retrieval_role_description
199 | path = var.retrieval_role_path
200 | permissions_boundary = var.retrieval_role_permissions_boundary
201 |
202 | assume_role_policy = jsonencode({
203 | Version = "2012-10-17"
204 | Statement = [
205 | {
206 | Sid = "AppConfigAssume",
207 | Effect = "Allow",
208 | Action = "sts:AssumeRole",
209 | Principal = {
210 | Service = "appconfig.amazonaws.com"
211 | }
212 | }
213 | ]
214 | })
215 |
216 | # give IAM time to propagate or else assume role fails
217 | provisioner "local-exec" {
218 | command = "sleep 5"
219 | }
220 |
221 | tags = merge(var.tags, var.retrieval_role_tags)
222 | }
223 |
--------------------------------------------------------------------------------
/outputs.tf:
--------------------------------------------------------------------------------
1 | # Application
2 | output "application_arn" {
3 | description = "The Amazon Resource Name (ARN) of the AppConfig Application"
4 | value = try(aws_appconfig_application.this[0].arn, null)
5 | }
6 |
7 | output "application_id" {
8 | description = "The AppConfig application ID"
9 | value = try(aws_appconfig_application.this[0].id, null)
10 | }
11 |
12 | # Environments
13 | output "environments" {
14 | description = "The AppConfig environments"
15 | value = aws_appconfig_environment.this
16 | }
17 |
18 | # Configuration profile
19 | output "configuration_profile_arn" {
20 | description = "The Amazon Resource Name (ARN) of the AppConfig Configuration Profile"
21 | value = try(aws_appconfig_configuration_profile.this[0].arn, null)
22 | }
23 |
24 | output "configuration_profile_configuration_profile_id" {
25 | description = "The configuration profile ID"
26 | value = try(aws_appconfig_configuration_profile.this[0].configuration_profile_id, null)
27 | }
28 |
29 | output "configuration_profile_id" {
30 | description = "The AppConfig configuration profile ID and application ID separated by a colon (:)"
31 | value = try(aws_appconfig_configuration_profile.this[0].id, null)
32 | }
33 |
34 | # Hosted configuration version
35 | output "hosted_configuration_version_arn" {
36 | description = "The Amazon Resource Name (ARN) of the AppConfig hosted configuration version"
37 | value = try(aws_appconfig_hosted_configuration_version.this[0].arn, null)
38 | }
39 |
40 | output "hosted_configuration_version_id" {
41 | description = "The AppConfig application ID, configuration profile ID, and version number separated by a slash (/)"
42 | value = try(aws_appconfig_hosted_configuration_version.this[0].id, null)
43 | }
44 |
45 | output "hosted_configuration_version_version_number" {
46 | description = "The version number of the hosted configuration"
47 | value = try(aws_appconfig_hosted_configuration_version.this[0].version_number, null)
48 | }
49 |
50 | # Deployment strategy
51 | output "deployment_strategy_arn" {
52 | description = "The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy"
53 | value = try(aws_appconfig_deployment_strategy.this[0].arn, null)
54 | }
55 |
56 | output "deployment_strategy_id" {
57 | description = "The AppConfig deployment strategy ID"
58 | value = try(aws_appconfig_deployment_strategy.this[0].id, null)
59 | }
60 |
61 | # Deployment
62 | output "deployments" {
63 | description = "The AppConfig deployments"
64 | value = aws_appconfig_deployment.this
65 | }
66 |
67 | # Retrieval role
68 | output "retrieval_role_arn" {
69 | description = "Amazon Resource Name (ARN) specifying the retrieval role"
70 | value = try(aws_iam_role.retrieval[0].arn, null)
71 | }
72 |
73 | output "retrieval_role_id" {
74 | description = "Name of the retrieval role"
75 | value = try(aws_iam_role.retrieval[0].id, null)
76 | }
77 |
78 | output "retrieval_role_unique_id" {
79 | description = "Stable and unique string identifying the retrieval role"
80 | value = try(aws_iam_role.retrieval[0].unique_id, null)
81 | }
82 |
83 | output "retrieval_role_name" {
84 | description = "Name of the retrieval role"
85 | value = try(aws_iam_role.retrieval[0].name, null)
86 | }
87 |
88 | output "retrieval_role_policy_arn" {
89 | description = "The ARN assigned by AWS to the retrieval role policy"
90 | value = try(aws_iam_policy.retrieval[0].arn, null)
91 | }
92 |
93 | output "retrieval_role_policy_id" {
94 | description = "The ARN assigned by AWS to the retrieval role policy"
95 | value = try(aws_iam_policy.retrieval[0].id, null)
96 | }
97 |
98 | output "retrieval_role_policy_name" {
99 | description = "The name of the policy"
100 | value = try(aws_iam_policy.retrieval[0].name, null)
101 | }
102 |
103 | output "retrieval_role_policy_policy" {
104 | description = "The retrieval role policy document"
105 | value = try(aws_iam_policy.retrieval[0].policy, null)
106 | }
107 |
108 | output "retrieval_role_policy_policy_id" {
109 | description = "The retrieval role policy ID"
110 | value = try(aws_iam_policy.retrieval[0].policy_id, null)
111 | }
112 |
--------------------------------------------------------------------------------
/variables.tf:
--------------------------------------------------------------------------------
1 | variable "create" {
2 | description = "Determines whether resources are created"
3 | type = bool
4 | default = true
5 | }
6 |
7 | variable "tags" {
8 | description = "A list of tag blocks. Each element should have keys named key, value, and propagate_at_launch"
9 | type = map(string)
10 | default = {}
11 | }
12 |
13 | # Application
14 | variable "name" {
15 | description = "The name for the application. Must be between 1 and 64 characters in length"
16 | type = string
17 | default = ""
18 | }
19 |
20 | variable "description" {
21 | description = "The description of the application. Can be at most 1024 characters"
22 | type = string
23 | default = null
24 | }
25 |
26 | # Environment
27 | variable "environments" {
28 | description = "Map of attributes for AppConfig environment resource(s)"
29 | type = map(any)
30 | default = {}
31 | }
32 |
33 | # Configuration profile
34 | variable "config_profile_name" {
35 | description = "The name for the configuration profile. Must be between 1 and 64 characters in length"
36 | type = string
37 | default = null
38 | }
39 |
40 | variable "config_profile_description" {
41 | description = "The description of the configuration profile. Can be at most 1024 characters"
42 | type = string
43 | default = null
44 | }
45 |
46 | variable "config_profile_type" {
47 | description = "Type of configurations contained in the profile. Valid values: `AWS.AppConfig.FeatureFlags` and `AWS.Freeform`"
48 | type = string
49 | default = null
50 | }
51 |
52 | variable "config_profile_location_uri" {
53 | description = "A URI to locate the configuration. You can specify the AWS AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object"
54 | type = string
55 | default = "hosted"
56 | }
57 |
58 | variable "config_profile_retrieval_role_arn" {
59 | description = "The ARN of an IAM role with permission to access the configuration at the specified `location_uri`. A retrieval role ARN is not required for configurations stored in the AWS AppConfig `hosted` configuration store. It is required for all other sources that store your configuration"
60 | type = string
61 | default = null
62 | }
63 |
64 | variable "config_profile_validator" {
65 | description = "A set of methods for validating the configuration. Maximum of 2"
66 | type = list(map(any))
67 | default = []
68 | }
69 |
70 | variable "config_profile_tags" {
71 | description = "A map of additional tags to apply to the configuration profile"
72 | type = map(string)
73 | default = {}
74 | }
75 |
76 | # Configuration retrieval role
77 | variable "create_retrieval_role" {
78 | description = "Determines whether configuration retrieval IAM role is created"
79 | type = bool
80 | default = true
81 | }
82 |
83 | variable "retrieval_role_name" {
84 | description = "The name for the configuration retrieval role"
85 | type = string
86 | default = ""
87 | }
88 |
89 | variable "retrieval_role_use_name_prefix" {
90 | description = "Determines whether to a name or name-prefix strategy is used on the role"
91 | type = bool
92 | default = true
93 | }
94 |
95 | variable "retrieval_role_description" {
96 | description = "Description of the configuration retrieval role"
97 | type = string
98 | default = null
99 | }
100 |
101 | variable "retrieval_role_path" {
102 | description = "Path to the configuration retrieval role"
103 | type = string
104 | default = null
105 | }
106 |
107 | variable "retrieval_role_permissions_boundary" {
108 | description = "ARN of the policy that is used to set the permissions boundary for the configuration retrieval role"
109 | type = string
110 | default = null
111 | }
112 |
113 | variable "ssm_parameter_configuration_arn" {
114 | description = "ARN of the configuration SSM parameter"
115 | type = string
116 | default = null
117 | }
118 |
119 | variable "ssm_document_configuration_arn" {
120 | description = "ARN of the configuration SSM document"
121 | type = string
122 | default = null
123 | }
124 |
125 | variable "s3_configuration_bucket_arn" {
126 | description = "The ARN of the configuration S3 bucket"
127 | type = string
128 | default = null
129 | }
130 |
131 | variable "s3_configuration_object_key" {
132 | description = "Name of the configuration object/file stored in the S3 bucket"
133 | type = string
134 | default = "*"
135 | }
136 |
137 | variable "retrieval_role_tags" {
138 | description = "A map of additional tags to apply to the configuration retrieval role"
139 | type = map(string)
140 | default = {}
141 | }
142 |
143 | # Configuration version
144 | variable "use_hosted_configuration" {
145 | description = "Determines whether a hosted configuration is used"
146 | type = bool
147 | default = false
148 | }
149 |
150 | variable "use_ssm_parameter_configuration" {
151 | description = "Determines whether an SSM parameter configuration is used"
152 | type = bool
153 | default = false
154 | }
155 |
156 | variable "use_ssm_document_configuration" {
157 | description = "Determines whether an SSM document configuration is used"
158 | type = bool
159 | default = false
160 | }
161 |
162 | variable "use_s3_configuration" {
163 | description = "Determines whether an S3 configuration is used"
164 | type = bool
165 | default = false
166 | }
167 |
168 | variable "hosted_config_version_description" {
169 | description = "A description of the configuration"
170 | type = string
171 | default = null
172 | }
173 |
174 | variable "hosted_config_version_content" {
175 | description = "The content of the configuration or the configuration data"
176 | type = string
177 | default = null
178 | }
179 |
180 | variable "hosted_config_version_content_type" {
181 | description = "A standard MIME type describing the format of the configuration content. For more information, see [Content-Type](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17)"
182 | type = string
183 | default = null
184 | }
185 |
186 | # Deployment strategy
187 | variable "create_deployment_strategy" {
188 | description = "Determines whether a deployment strategy is created"
189 | type = bool
190 | default = true
191 | }
192 |
193 | variable "deployment_strategy_id" {
194 | description = "An existing AppConfig deployment strategy ID"
195 | type = string
196 | default = null
197 | }
198 |
199 | variable "deployment_strategy_name" {
200 | description = "A name for the deployment strategy. Must be between 1 and 64 characters in length"
201 | type = string
202 | default = null
203 | }
204 |
205 | variable "deployment_strategy_description" {
206 | description = "A description of the deployment strategy. Can be at most 1024 characters"
207 | type = string
208 | default = null
209 | }
210 |
211 | variable "deployment_strategy_deployment_duration_in_minutes" {
212 | description = "Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440"
213 | type = number
214 | default = 0
215 | }
216 |
217 | variable "deployment_strategy_final_bake_time_in_minutes" {
218 | description = "Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440"
219 | type = number
220 | default = 0
221 | }
222 |
223 | variable "deployment_strategy_growth_factor" {
224 | description = "The percentage of targets to receive a deployed configuration during each interval. Minimum value of 1, maximum value of 100"
225 | type = number
226 | default = 100
227 | }
228 |
229 | variable "deployment_strategy_growth_type" {
230 | description = "The algorithm used to define how percentage grows over time. Valid value: `LINEAR` and `EXPONENTIAL`. Defaults to `LINEAR`"
231 | type = string
232 | default = null
233 | }
234 |
235 | variable "deployment_strategy_replicate_to" {
236 | description = "Where to save the deployment strategy. Valid values: `NONE` and `SSM_DOCUMENT`"
237 | type = string
238 | default = "NONE"
239 | }
240 |
241 | variable "deployment_strategy_tags" {
242 | description = "A map of additional tags to apply to the deployment strategy"
243 | type = map(string)
244 | default = {}
245 | }
246 |
247 | # Deployment
248 | variable "deployment_description" {
249 | description = "A description of the deployment. Can be at most 1024 characters"
250 | type = string
251 | default = null
252 | }
253 |
254 | variable "deployment_configuration_version" {
255 | description = "The configuration version to deploy. Can be at most 1024 characters"
256 | type = string
257 | default = null
258 | }
259 |
260 | variable "deployment_tags" {
261 | description = "A map of additional tags to apply to the deployment"
262 | type = map(string)
263 | default = {}
264 | }
265 |
--------------------------------------------------------------------------------
/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 | required_version = ">= 1.0"
3 |
4 | required_providers {
5 | aws = {
6 | source = "hashicorp/aws"
7 | version = ">= 5.0"
8 | }
9 | }
10 | }
11 |
--------------------------------------------------------------------------------