aws:parameterstore
Table of Contents
AWS Parameter Store (SSM)
AWS Cli
Set a parameter
#aws ssm put-parameter --name "test123" --type "String" --value "MyValue"
#{
# "Version": 1,
# "Tier": "Standard"
#}
Note:- If the Value contains a URL, it will create an error:-
$ aws ssm put-parameter --name "/repo/testpar3" --value "https://server/repo3.git" --description "repo_backup" --type "String" Error parsing parameter '--value': Unable to retrieve https://server/repo3.git: Could not connect to the endpoint URL: "https://server/repo3.git"
Fix is to use:-
$ aws configure set cli_follow_urlparam false
$ aws ssm put-parameter --name "/repo/testpar3" --value "https://server/repo3.git" --description "repo_backup" --type "String"
{
"Version": 1,
"Tier": "Standard"
}
Get a parameter
$ aws ssm get-parameters --names "/ami/AMZN2/latest" --query "Parameters[*].{Value:Value}" --profile nonprod
[
{
"Value": "ami-05432161ea123456"
}
]
$
List parameters
This uses an option to pattern match:-
$ cat parameters.sh #!/bin/bash # Get the Name output from command, this requires # export AWS_DEFAULT_OUTPUT="json", text as an output clearly won't work with ''jq'' export AWS_DEFAULT_OUTPUT="json" aws ssm describe-parameters --parameter-filters "Key=Name, Values=/repo/testpar, Option=Contains" | jq '.[] | .[].Name' $ ./parameters.sh "/repo/testpar1" "/repo/testpar2" "/repo/testpar3" $
Python Boto3
Read Parameter
session = boto3.session.Session() ssmsession = session.client('ssm') parameter_subnets = '/config/SubnetIds' def readparameter(parameter): parameter_response = ssmsession.get_parameter(Name=parameter) value = parameter_response['Parameter']['Value'] return parameter_response, value raw_subnet_info, sub_value = readparameter(parameter_subnets)
Put Parameter (write)
ssm_client= boto3.client("ssm") ssmresponse = ssm_client.put_parameter( Name='boto3_lambda_layer_test', Description='ARN for boto3 lambda layer', Value=response['LayerArn'], Type='String', Tier='Standard', DataType='text' )
Lambda Function version
import boto3 def readparameter(parameter): parameter_client = boto3.client('ssm') parameter_response = parameter_client.get_parameter( Name=parameter, ) return parameter_response def lambda_handler(event, context): parameter_source_bucket = '/FULL/PATH/SourceBucket' source_bucket = readparameter(parameter_source_bucket) # {'Parameter': {'Name': '/FULL/PATH/SourceBucket', 'Type': 'String', 'Value': 'repo-development', 'Version': 1, 'LastModifiedDate': datetime.datetime(2022, 8, 4, 10, 54, 46, 480000, tzinfo=tzlocal()), 'ARN': 'arn:aws:ssm:eu-west-1:97112341234123:parameter/FULL/PATH/SourceBucket', 'DataType': 'text'}, 'ResponseMetadata': {'RequestId': '351fdcf9-37cd-41b6-aed7-6de291dddedb', 'HTTPStatusCode': 200, 'HTTPHeaders': {'server': 'Server', 'date': 'Thu, 04 Aug 2022 11:38:52 GMT', 'content-type': 'application/x-amz-json-1.1', 'content-length': '265', 'connection': 'keep-alive', 'x-amzn-requestid': '351fdcf9-37cd-41b6-aed7-6de291dddedb'}, 'RetryAttempts': 0}} print(source_bucket['Parameter']['Value']) }
Parameter Store in Cloudformation
Reference the value in ParameterStore in the Parameters section of the CF Template.
Then this value isa available to the CF Template with !Ref.
AWSTemplateFormatVersion: '2010-09-09' Description: CF for Automation Project Parameters: AccountNumber1: Type: AWS::SSM::Parameter::Value<String> Default: AccountNumber1 Description: AccountNumber1 Resources: Policy: Type: 'AWS::IAM::ManagedPolicy' Properties: Description: 'Policy for Automation Project' PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:CreateLogStream - logs:PutLogEvents Resource: - !Join - ':' - - 'arn:aws:logs:*' - !Ref AccountNumber1 - 'log-group:/aws/lambda/*:*' Roles: - !Ref MyReportRole
aws/parameterstore.txt · Last modified: by 127.0.0.1