fix(awstf): support SSM resource resolution with AWS Terraform

cloud/aws/deploy/resources.go

@@ -26,9 +26,9 @@ import (
 func (a *NitricAwsPulumiProvider) resourcesStore(ctx *pulumi.Context) error {
 	// Build the AWS resource index from the provider information
 	// This will be used to store the ARNs/Identifiers of all resources created by the stack
-	bucketNameMap := pulumi.StringMap{}
+	bucketArnMap := pulumi.StringMap{}
 	for name, bucket := range a.Buckets {
-		bucketNameMap[name] = bucket.Arn
+		bucketArnMap[name] = bucket.Arn
 	}
 
 	apiArnMap := pulumi.StringMap{}
@@ -85,7 +85,7 @@ func (a *NitricAwsPulumiProvider) resourcesStore(ctx *pulumi.Context) error {
 
 	// Build the index from the provider information
 	resourceIndexJson := pulumi.All(
-		bucketNameMap,
+		bucketArnMap,
 		apiArnMap,
 		apiEndpointMap,
 		websocketArnMap,

cloud/aws/deploytf/.nitric/modules/api/outputs.tf

@@ -1,3 +1,7 @@
 output "endpoint" {
   value = aws_apigatewayv2_api.api_gateway.api_endpoint
-}
+}
+
+output "arn" {
+  value = aws_apigatewayv2_api.api_gateway.arn
+}

cloud/aws/deploytf/.nitric/modules/http_proxy/outputs.tf

@@ -0,0 +1,7 @@
+output "arn" {
+  value = aws_apigatewayv2_api.api_gateway.arn
+}
+
+output "endpoint" {
+  value = aws_apigatewayv2_api.api_gateway.api_endpoint
+}

cloud/aws/deploytf/.nitric/modules/parameter/main.tf

@@ -0,0 +1,36 @@
+resource "random_string" "random" {
+  length  = 4
+  special = false
+}
+
+locals {
+  policy_name = "nitric-param-access-${random_string.random.result}"
+}
+
+# Create a new SSM Parameter Store parameter
+resource "aws_ssm_parameter" "text_parameter" {
+  name      = var.parameter_name
+  type      = "String"
+  value     = var.parameter_value
+  data_type = "text"
+}
+
+# Create the access policy
+resource "aws_iam_policy" "access_policy" {
+  name = local.policy_name
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [{
+      Effect   = "Allow"
+      Action   = "ssm:GetParameter"
+      Resource = aws_ssm_parameter.text_parameter.arn
+    }]
+  })
+}
+
+# Create the role policy attachment
+resource "aws_iam_role_policy_attachment" "policy_attachment" {
+  for_each   = var.access_role_names
+  role       = each.value
+  policy_arn = aws_iam_policy.access_policy.arn
+}

cloud/aws/deploytf/.nitric/modules/parameter/variables.tf

@@ -0,0 +1,14 @@
+variable "parameter_name" {
+  description = "The name of the parameter"
+  type        = string
+}
+
+variable "access_role_names" {
+  description = "The names of the roles that can access the parameter"
+  type        = set(string)
+}
+
+variable "parameter_value" {
+  description = "The text value of the parameter"
+  type        = string
+}

cloud/aws/deploytf/.nitric/modules/websocket/outputs.tf

@@ -1,9 +1,14 @@
 output "websocket_arn" {
   description = "The ARN of the deployed websocket API"
-  value       =  aws_apigatewayv2_api.websocket.arn
+  value       = aws_apigatewayv2_api.websocket.arn
+}
+
+output "endpoint" {
+  description = "The endpoint of the deployed websocket API"
+  value       = aws_apigatewayv2_api.websocket.api_endpoint
 }
 
 output "websocket_exec_arn" {
   description = "The Execution ARN of the deployed websocket API"
-  value       =  aws_apigatewayv2_api.websocket.execution_arn
+  value       = aws_apigatewayv2_api.websocket.execution_arn
 }

cloud/aws/deploytf/cdktf.json

@@ -65,6 +65,10 @@
     {
       "name": "sql",
       "source": "./.nitric/modules/sql"
+    },
+    {
+      "name": "parameter",
+      "source": "./.nitric/modules/parameter"
     }
   ],
   "context": {}

cloud/aws/deploytf/deploy.go

@@ -26,6 +26,7 @@ import (
 	"github.com/nitrictech/nitric/cloud/aws/common"
 	"github.com/nitrictech/nitric/cloud/aws/deploytf/generated/api"
 	"github.com/nitrictech/nitric/cloud/aws/deploytf/generated/bucket"
+	"github.com/nitrictech/nitric/cloud/aws/deploytf/generated/http_proxy"
 	"github.com/nitrictech/nitric/cloud/aws/deploytf/generated/keyvalue"
 	"github.com/nitrictech/nitric/cloud/aws/deploytf/generated/queue"
 	rds "github.com/nitrictech/nitric/cloud/aws/deploytf/generated/rds"
@@ -56,6 +57,7 @@ type NitricAwsTerraformProvider struct {
 	Apis           map[string]api.Api
 	Buckets        map[string]bucket.Bucket
 	Topics         map[string]topic.Topic
+	HttpProxies    map[string]http_proxy.HttpProxy
 	Schedules      map[string]schedule.Schedule
 	Services       map[string]service.Service
 	Secrets        map[string]secret.Secret
@@ -140,7 +142,7 @@ func (a *NitricAwsTerraformProvider) Pre(stack cdktf.TerraformStack, resources [
 }
 
 func (a *NitricAwsTerraformProvider) Post(stack cdktf.TerraformStack) error {
-	return nil
+	return a.resourcesStore(stack)
 }
 
 // // Post - Called after all resources have been created, before the Pulumi Context is concluded

cloud/aws/deploytf/generated/api/Api.go

@@ -14,6 +14,7 @@ import (
 // Source at ./.nitric/modules/api
 type Api interface {
 	cdktf.TerraformModule
+	ArnOutput() *string
 	// Experimental.
 	CdktfStack() cdktf.TerraformStack
 	// Experimental.
@@ -84,6 +85,16 @@ type jsiiProxy_Api struct {
 	internal.Type__cdktfTerraformModule
 }
 
+func (j *jsiiProxy_Api) ArnOutput() *string {
+	var returns *string
+	_jsii_.Get(
+		j,
+		"arnOutput",
+		&returns,
+	)
+	return returns
+}
+
 func (j *jsiiProxy_Api) CdktfStack() cdktf.TerraformStack {
 	var returns cdktf.TerraformStack
 	_jsii_.Get(

cloud/aws/deploytf/generated/api/main.go

@@ -14,6 +14,7 @@ func init() {
 		[]_jsii_.Member{
 			_jsii_.MemberMethod{JsiiMethod: "addOverride", GoMethod: "AddOverride"},
 			_jsii_.MemberMethod{JsiiMethod: "addProvider", GoMethod: "AddProvider"},
+			_jsii_.MemberProperty{JsiiProperty: "arnOutput", GoGetter: "ArnOutput"},
 			_jsii_.MemberProperty{JsiiProperty: "cdktfStack", GoGetter: "CdktfStack"},
 			_jsii_.MemberProperty{JsiiProperty: "constructNodeMetadata", GoGetter: "ConstructNodeMetadata"},
 			_jsii_.MemberProperty{JsiiProperty: "dependsOn", GoGetter: "DependsOn"},

cloud/aws/deploytf/generated/http_proxy/HttpProxy.go

@@ -14,6 +14,7 @@ import (
 // Source at ./.nitric/modules/http_proxy
 type HttpProxy interface {
 	cdktf.TerraformModule
+	ArnOutput() *string
 	// Experimental.
 	CdktfStack() cdktf.TerraformStack
 	// Experimental.
@@ -22,6 +23,7 @@ type HttpProxy interface {
 	DependsOn() *[]*string
 	// Experimental.
 	SetDependsOn(val *[]*string)
+	EndpointOutput() *string
 	// Experimental.
 	ForEach() cdktf.ITerraformIterator
 	// Experimental.
@@ -79,6 +81,16 @@ type jsiiProxy_HttpProxy struct {
 	internal.Type__cdktfTerraformModule
 }
 
+func (j *jsiiProxy_HttpProxy) ArnOutput() *string {
+	var returns *string
+	_jsii_.Get(
+		j,
+		"arnOutput",
+		&returns,
+	)
+	return returns
+}
+
 func (j *jsiiProxy_HttpProxy) CdktfStack() cdktf.TerraformStack {
 	var returns cdktf.TerraformStack
 	_jsii_.Get(
@@ -109,6 +121,16 @@ func (j *jsiiProxy_HttpProxy) DependsOn() *[]*string {
 	return returns
 }
 
+func (j *jsiiProxy_HttpProxy) EndpointOutput() *string {
+	var returns *string
+	_jsii_.Get(
+		j,
+		"endpointOutput",
+		&returns,
+	)
+	return returns
+}
+
 func (j *jsiiProxy_HttpProxy) ForEach() cdktf.ITerraformIterator {
 	var returns cdktf.ITerraformIterator
 	_jsii_.Get(

cloud/aws/deploytf/generated/http_proxy/main.go

@@ -14,9 +14,11 @@ func init() {
 		[]_jsii_.Member{
 			_jsii_.MemberMethod{JsiiMethod: "addOverride", GoMethod: "AddOverride"},
 			_jsii_.MemberMethod{JsiiMethod: "addProvider", GoMethod: "AddProvider"},
+			_jsii_.MemberProperty{JsiiProperty: "arnOutput", GoGetter: "ArnOutput"},
 			_jsii_.MemberProperty{JsiiProperty: "cdktfStack", GoGetter: "CdktfStack"},
 			_jsii_.MemberProperty{JsiiProperty: "constructNodeMetadata", GoGetter: "ConstructNodeMetadata"},
 			_jsii_.MemberProperty{JsiiProperty: "dependsOn", GoGetter: "DependsOn"},
+			_jsii_.MemberProperty{JsiiProperty: "endpointOutput", GoGetter: "EndpointOutput"},
 			_jsii_.MemberProperty{JsiiProperty: "forEach", GoGetter: "ForEach"},
 			_jsii_.MemberProperty{JsiiProperty: "fqn", GoGetter: "Fqn"},
 			_jsii_.MemberProperty{JsiiProperty: "friendlyUniqueId", GoGetter: "FriendlyUniqueId"},