Support for passwords using ec2ParameterStore

[thomas-brx]

In snowplow/snowplow-rdb-loader@656adb3, support was added to store snowflake passwords in ec2 parameter store. It would be great if support was added in the terraform module as well, to avoid the real password being stored in the state file.

"password": {
  "ec2ParameterStore": {
    "parameterName": "path.to.snowflake.password"
  }
}

The instance role should then also include the policies required to read that password.

[thomas-brx]

And in case anybody needs a workaround, here is one using some horriblecreative config-injection:

  snowflake_password           = "\", \"password\": {\"ec2ParameterStore\": {\"parameterName\": \"foo.bar.baz\"}}, \"dummy\": \"dummy"

This will generate the configuration:

    # DB password
    "password": "", "password": {"ec2ParameterStore": {"parameterName": "foo.bar.baz"}}, "dummy": "dummy",

The second password overrides the first, and the dummy is there to swallow the extra quotation mark in the template.

[jbeemster]

Hi @thomas-brx if you have the bandwidth to implement this feature I would be more than happy to review and merge it in! Otherwise it might be a while until we get to adding this.