NTC Parameters
NTC Parameters v2 introduces major improvements including AWS Provider v6 support and AWS European Sovereign Cloud compatibility.
📖 Read the Migration Guide for step-by-step instructions.
Description
NTC building block module to store and retrieve Terraform or JSON parameters across multiple AWS accounts and CI/CD pipelines. This module is specifically designed to seamlessly integrate with NTC and streamline complex multi-account deployments.
NTC Parameters is a custom solution using S3 to store and share parameters across multiple accounts. While alternatives like AWS SSM Parameter Store exist, they are typically more complex to configure and maintain.
Usage
| Latest Release | 2.0.0 |
|---|---|
Requirements
The following requirements are needed by this module:
- terraform (>= 1.5.0)
- aws (>= 6.0)
Providers
The following providers are used by this module:
- aws (>= 6.0)
Modules
No modules.
Resources
The following resources are used by this module:
- aws_kms_alias.ntc_parameters (resource)
- aws_kms_key.ntc_parameters (resource)
- aws_s3_bucket.ntc_parameters (resource)
- aws_s3_bucket_logging.ntc_parameters (resource)
- aws_s3_bucket_ownership_controls.ntc_parameters (resource)
- aws_s3_bucket_policy.ntc_parameters (resource)
- aws_s3_bucket_public_access_block.ntc_parameters (resource)
- aws_s3_bucket_server_side_encryption_configuration.ntc_parameters (resource)
- aws_s3_bucket_versioning.ntc_parameters (resource)
- aws_s3_object.ntc_store_nodeowners (resource)
- aws_caller_identity.current (data source)
- aws_iam_policy_document.ntc_bucket_policy (data source)
- aws_iam_policy_document.ntc_kms_key_policy (data source)
- aws_partition.current (data source)
Required Inputs
The following input variables are required:
bucket_name
Description: Name of the S3 bucket where core parameters will be stored.
Type: string
Optional Inputs
The following input variables are optional (have default values):
access_logging_target_bucket_name
Description: Name of the bucket where S3 access logging should be stored. Requires "enable_access_logging" to be true.
Type: string
Default: ""
access_logging_target_prefix
Description: Prefix used for S3 access logging. Requires "enable_access_logging" to be true.
Type: string
Default: "logs/"
enable_access_logging
Description: Set to true to enable S3 access logging.
Type: bool
Default: false
enable_versioning
Description: Set to false to disable S3 Versioning.
Type: bool
Default: true
force_destroy
Description: Set to true to delete all parameters when the S3 bucket is destroyed.
Type: bool
Default: false
org_id
Description: Organization Id to limit bucket access to organization accounts.
Type: string
Default: ""
parameter_nodes
Description: List of parameter nodes. Nodes can be merged into a single parameter map. A node owner (usually a core account) is allowed to manage parameters in its node.
Type:
list(object({
  node_name                     = string
  node_owner_account_id         = string
  node_owner_iam_role_name      = optional(string, "")
  node_owner_iam_user_name      = optional(string, "")
  node_owner_is_account_factory = optional(bool, false)
}))
Default: []
region
Description: AWS region where the resources will be created. Omit to use the provider default region.
Type: string
Default: null
Outputs
The following outputs are exported:
bucket_arn
Description: ARN of the S3 bucket
bucket_id
Description: ID of the S3 bucket
bucket_policy_json
Description: Bucket policy as JSON
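A module call that combines the inputs and outputs documented above, as an added example that is not taken from the NTC documentation. The module source, bucket names, organization ID, account IDs, node names and role names are placeholders or constructed values.

```hcl
# Added example, not the project's own code.
# All names, IDs and the module source below are placeholders.
module "ntc_parameters" {
  # Placeholder: this page does not state the module source address.
  source = "<NTC_PARAMETERS_MODULE_SOURCE>"

  bucket_name = "example-ntc-parameters" # constructed

  # Limit bucket access to accounts of this AWS Organization.
  org_id = "o-exampleorgid" # constructed

  # Keep the documented defaults explicit: versioning stays on, and
  # destroying the bucket does not delete the stored parameters.
  enable_versioning = true
  force_destroy     = false

  # Write S3 access logs for the parameter bucket to a separate bucket.
  enable_access_logging             = true
  access_logging_target_bucket_name = "example-s3-access-logs" # constructed
  access_logging_target_prefix      = "ntc-parameters/"

  # One node per owner; each owner is allowed to manage the parameters
  # in its node.
  parameter_nodes = [
    {
      node_name                = "security-tooling"      # constructed
      node_owner_account_id    = "111111111111"          # constructed
      node_owner_iam_role_name = "example-security-role" # constructed
    },
    {
      node_name                = "connectivity"              # constructed
      node_owner_account_id    = "222222222222"              # constructed
      node_owner_iam_role_name = "example-connectivity-role" # constructed
    },
  ]
}

# Export the generated bucket policy so it can be reviewed.
output "ntc_parameters_bucket_policy_json" {
  value = module.ntc_parameters.bucket_policy_json
}
```

Exporting bucket_policy_json makes the generated policy available for review, for example to confirm that the organization restriction is present before node owners start writing parameters.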