terraform-aws-gitlab-runner

Support for SSM Parameter Store Hierarchy

Open andreas-mueller-bb opened this issue 9 months ago • 1 comments

Describe the bug

Using the latest version with the preregistered token workflow.

We're applying a hierarchy to our parameter names as described here: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-hierarchies.html

Unfortunately, that doesn't go well with the SSM policy created for accessing that parameter. When the parameter is called "/terraform/prod/preregistered_gitlab_runner_token", the policy looks like this:

              ~ Statement = [
                  ~ {
                      ~ Action   = [
                          - "ssm:PutParameter",
                          + "ssm:GetParameters",
                          + "ssm:GetParameter",
                        ]
                      ~ Resource = "*" -> [
                          + [...]
                          + "arn:aws:ssm:eu-central-1:913735344111:parameter//terraform/prod/preregistered_gitlab_runner_token",
                        ]

To Reproduce

Steps to reproduce the behavior:

  1. Use a parameter with a leading slash
  2. Apply the module
  3. Check the SSM policy

Expected behavior

As using a hierarchy is encouraged by AWS, it would be awesome if this were compatible with the module :)

Additional context

Thanks for your work!

andreas-mueller-bb, May 14 '24 11:05
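
The double slash in the plan output above is what a plain string join produces when the parameter name already starts with "/". The following Terraform is an added example, not the module's own code; the variable, local and output names and the account ID are assumptions made for illustration. It shows the naive ARN next to one built with `trimprefix`, which works for both flat and hierarchical names.

```hcl
# Added example: all names and the account ID below are constructed.
variable "token_parameter_name" {
  type    = string
  default = "/terraform/prod/preregistered_gitlab_runner_token"

  validation {
    # Reject empty path segments such as "/terraform//prod".
    condition     = length(regexall("//", var.token_parameter_name)) == 0
    error_message = "The parameter name must not contain \"//\"."
  }
}

variable "region" {
  type    = string
  default = "eu-central-1"
}

variable "account_id" {
  type    = string
  default = "111122223333" # constructed placeholder
}

locals {
  arn_prefix = "arn:aws:ssm:${var.region}:${var.account_id}:parameter"

  # Plain join: a leading "/" in the name produces "parameter//terraform/...",
  # which does not match the real ARN, so the statement grants nothing for it.
  arn_naive = "${local.arn_prefix}/${var.token_parameter_name}"

  # AWS writes hierarchical names with a single slash after "parameter",
  # so drop one leading "/" first. Flat names pass through unchanged.
  arn_fixed = "${local.arn_prefix}/${trimprefix(var.token_parameter_name, "/")}"
}

output "arn_comparison" {
  value = { naive = local.arn_naive, fixed = local.arn_fixed }
}

output "runner_ssm_policy_json" {
  value = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["ssm:GetParameter", "ssm:GetParameters"]
      Resource = [local.arn_fixed]
    }]
  })
}
```

Running `terraform plan` in a directory containing only this file prints both ARNs; it uses no provider, so no AWS credentials are needed.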