Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Accessing SSM variables with Serverless

I would like to use SSM Parameters in Serverless Variables.

Following the docs, I ran this command:

aws ssm put-parameter --name foo --value bar --type SecureString

And I added this to my serverless.yml:

custom:
  foo: ${ssm:foo}

When I deploy, I get this warning however:

Serverless Warning --------------------------------------

  A valid SSM parameter to satisfy the declaration 'ssm:foo' could not be found.

How do I access this variable? Thanks!

like image 505
SeanPlusPlus Avatar asked Feb 15 '18 21:02

SeanPlusPlus


People also ask

How do I pass an environment variable in serverless?

To reference environment variables, use the ${env:SOME_VAR} syntax in your serverless. yml configuration file. It is valid to use the empty string in place of SOME_VAR .

What is SSM serverless?

Serverless SSM Fetch is an "AWS provider only" plugin that allows to fetch parameters from AWS Store Parameters and assign them to serverless. yml functions environment variables. Before using this plugin you must have set your parameters into AWS System Manager Parameter Store.

Is serverless better than Sam?

Comparing AWS SAM with the Serverless FrameworkAllows you to run Lambda features locally. Thus, it is easier to build and test Lambda functions without needing to deploy them to AWS. You can invoke Lambda functions from the command line, but only in case they are available through API Gateway.


2 Answers

if the parameter is a SecureString, you need to add ~true after the path to the parameter on the serverless.yml file, as explained here: https://serverless.com/framework/docs/providers/aws/guide/variables#reference-variables-using-the-ssm-parameter-store

This will tell the framework to decrypt the value. Make sure that you have permissions to use the key used to encrypt the parameter.

like image 74
vgaltes Avatar answered Sep 22 '22 16:09

vgaltes


Check your IAM policy. To get the parameters, the user doing the deployment needs access to SSM. This offers full access. See the docs to narrow it down a bit (ie: GetParameters, GetParameter).

  "Effect": "Allow",
  "Action": [
    "ssm:*"
  ],
  "Resource": [
    "*"
  ]
like image 28
John Mee Avatar answered Sep 20 '22 16:09

John Mee