SecretManagement for Terraform and Ansible

In this quick article, I'll show you how I use AWS SSM Parameter Store as the glue between Terraform and Ansible.

Use Case

For a personal project, I needed to pass some parameters (key/value) and secrets (encrypted) from my Terraform IaC to Ansible.

AWS SSM PS?

AWS SSM Parameter Store is a secure key/value store, a native EC2 functionality. From the AWS documentation, Parameter Store offers the following benefits and features:

- Use a secure, scalable, hosted secrets management service (no servers to manage).
- Improve your security posture by separating your data from your code.
- Store configuration data and secure strings in hierarchies and track versions.
- Control and audit access at granular levels.
- Configure change notifications and trigger automated actions.
- Tag parameters individually, and then secure access from different levels, including operational, parameter, EC2 tag, or path levels.
- Reference AWS Secrets Manager secrets by using Parameter Store parameters.
- Use Parameter Store parameters with other Systems Manager capabilities and AWS services to retrieve secrets and configuration data from a central store. The following AWS services support Parameter Store parameters: Amazon EC2, Amazon Elastic Container Service, AWS Lambda, AWS CloudFormation, AWS CodeBuild, and AWS CodeDeploy.
- Configure integration with AWS KMS, Amazon SNS, Amazon CloudWatch, and AWS CloudTrail for encryption, notification, monitoring, and audit capabilities.

Terraform

Set SSM secrets the right way: ...
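As an added illustration of the Terraform side of this setup (my example, not the article's own code): one plain parameter and one SecureString secret written under a shared path, encrypted with a customer-managed KMS key, plus a read-only, path-scoped policy for the role the Ansible-managed hosts run under. The region, the /myproject path and the role name ansible-host are assumptions.

```hcl
# Added example, not the article's Terraform. Assumptions: region eu-west-1,
# parameter path /myproject, an existing IAM role "ansible-host" used by the
# EC2 hosts that Ansible configures.
provider "aws" {
  region = "eu-west-1"
}
# Customer-managed key: Decrypt can be scoped to it and is logged in CloudTrail.
resource "aws_kms_key" "params" {
  description         = "Encrypts /myproject/* SecureString parameters"
  enable_key_rotation = true
}

resource "aws_ssm_parameter" "db_host" {
  name  = "/myproject/db/host"
  type  = "String"
  value = "db.internal.example"
}

# Secret generated on the Terraform side, stored encrypted under the key above.
resource "random_password" "db" {
  length  = 32
  special = false
}

resource "aws_ssm_parameter" "db_password" {
  name   = "/myproject/db/password"
  type   = "SecureString"
  value  = random_password.db.result
  key_id = aws_kms_key.params.key_id
}

# Least privilege for the reader: the Ansible hosts' role can read only
# /myproject/* and decrypt only with this key; no write, no other paths.
data "aws_iam_policy_document" "read_params" {
  statement {
    actions   = ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"]
    resources = ["arn:aws:ssm:eu-west-1:*:parameter/myproject/*"]
  }
  statement {
    actions   = ["kms:Decrypt"]
    resources = [aws_kms_key.params.arn]
  }
}

resource "aws_iam_role_policy" "ansible_read_params" {
  name   = "read-myproject-params"
  role   = "ansible-host"
  policy = data.aws_iam_policy_document.read_params.json
}
```

On the Ansible side the value is read back with the aws_ssm lookup plugin (decrypt=True). Terraform keeps the generated secret in its state file, so the state backend needs encryption and its own access control.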

October 5, 2018 · 2 min · 345 words · zoph