DRAFT AWS Stored Parameters Use Cases

Dennis Christilaw edited this page Nov 6, 2019 · 1 revision

DRAFT - This document is still a Work In Progress!!

As long as this message is here, this document is still being worked on and written. Please use this information as "Potentially Incorrect in some areas" until I get it all worked through. :)

AWS Stored Parameters Use Cases

This document goes through several use cases for leveraging Systems Manager Stored Parameters to allow for dynamic CloudFormation templates (the focus of this document) and many other scenarios.

You can use these SSM Stored Parameters for many things, however, this page will focus mainly on usage within CloudFormation.

Let's Learn About Stored Parameters

Some considerations when using dynamic references:

  • You can include up to 60 dynamic references in a stack template.
  • For transforms, such as AWS::Include and AWS::Serverless, AWS CloudFormation does not resolve dynamic references prior to invoking any transforms. Rather, AWS CloudFormation passes the literal string of the dynamic reference to the transform. Dynamic references (including those inserted into the processed template as the result of a transform) are resolved when you execute the change set using the template.
  • Dynamic references for secure values, such as ssm-secure and secretsmanager, are not currently supported in custom resources.

Note

  • Do not create a dynamic reference that has a backslash (\) as the final value. AWS CloudFormation cannot resolve those references, which results in a resource failure.

Using the references in a CFN Stack

To reference these stored parameters, use the following reference pattern:

'{{resolve:service-name:reference-key}}'

service-name

* Specifies the service in which the value is stored and managed.
  • Required.

Currently, valid values include:

* ssm: Systems Manager Parameter Store plaintext parameter.
* ssm-secure: Systems Manager Parameter Store secure string parameter.

    **Note**

    * Currently, SecureString parameters are not supported by Systems Manager in the cn-north-1 and cn-northwest-1 regions.

    * For more information, see AWS Systems Manager Parameter Store in the AWS Systems Manager User Guide.
* secretsmanager: AWS Secrets Manager secret.

reference-key

* The reference key. Depending on the type of dynamic reference, the reference key may be comprised of multiple segments.
  • Required

SSM Parameters

Use the ssm dynamic reference to include values stored in the Systems Manager Parameter Store of type String or StringList in your templates.

Reference Pattern

For SSM Parameters, the reference-key segment is composed of the parameter name and version number. Use the following pattern:

'{{resolve:ssm:parameter-name:version}}'

Your reference must adhere to the following regular expression pattern for parameter-name and version:

'{{resolve:ssm:[a-zA-Z0-9_.-/]+:\\d+}}'

parameter-name

The name of the parameter in the Systems Manager Parameter Store. The parameter name is case-sensitive.

  • Required.

version

An integer that specifies the version of the parameter to use. You must specify the exact version. You cannot currently specify that AWS CloudFormation use the latest version of a parameter. For more information, see Working with Parameter Versions in the AWS Systems Manager User Guide.

  • Required.
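
A small template linter for the rules above, as an added example that is not part of the original page: it checks the 60-reference limit, the valid service-name values, the trailing-backslash rule and the ssm parameter-name:version pattern. The function name, the sample template and its parameter names are assumptions made for illustration.

```python
import re

# Matches any dynamic reference: {{resolve:service-name:reference-key}}
REF = re.compile(r"\{\{resolve:([^:}]+):(.*?)\}\}")
# reference-key pattern for ssm, copied from the page (in it, `.-/` is a range).
SSM_KEY = re.compile(r"[a-zA-Z0-9_.-/]+:\d+")
SERVICES = {"ssm", "ssm-secure", "secretsmanager"}
MAX_REFS = 60  # per-template limit stated on the page


def lint_dynamic_refs(template_text):
    """Return a list of (reference, problem) tuples for a template string."""
    findings = []
    refs = list(REF.finditer(template_text))
    if len(refs) > MAX_REFS:
        findings.append(("<template>", f"{len(refs)} references exceeds {MAX_REFS}"))
    for m in refs:
        service, key = m.group(1), m.group(2)
        if service not in SERVICES:
            findings.append((m.group(0), f"unknown service-name '{service}'"))
        elif key.endswith("\\"):
            findings.append((m.group(0), "reference ends with a backslash"))
        elif service == "ssm" and not SSM_KEY.fullmatch(key):
            findings.append((m.group(0), "ssm key must be parameter-name:version"))
    return findings


# Constructed sample template; the parameter names are made up.
SAMPLE = r"""
Resources:
  Bucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: '{{resolve:ssm:/app/bucket_name:3}}'
      AccessControl: '{{resolve:ssm:/app/acl}}'
      Tags:
        - Key: owner
          Value: '{{resolve:ssmsecure:/app/owner:1}}'
        - Key: path
          Value: '{{resolve:ssm:/app/path\}}'
"""

if __name__ == "__main__":
    for ref, problem in lint_dynamic_refs(SAMPLE):
        print(f"{ref}: {problem}")
```

Run against the sample, the linter accepts the pinned `bucket_name` reference and reports the unversioned reference, the misspelled service-name and the trailing backslash.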

Sources

Documentation Sources: