Since August 2018 AWS CloudFormation supports AWS Systems Manager Secure String Parameters in CloudFormation Templates.
I have been searching high and low but wasn't able to find a way to create an ssm-secure-string via CloudFormation like I can do for a simple SSM parameter via
Type: "AWS::SSM::Parameter"
Properties:
  AllowedPattern: String
  Description: String
  Name: String
  Type: String
  Value: String
Can someone help me out? Or is there no way to generate the ssm-secure-string right now via CloudFormation?
Thanks, A
Each advanced parameter value is encrypted under a unique data key, and the data key is encrypted under a KMS key. You can use the AWS managed key for the account (aws/ssm) or any customer managed key.
Dynamic references provide a compact, powerful way for you to specify external values that are stored and managed in other services, such as the Systems Manager Parameter Store and AWS Secrets Manager, in your stack templates.
As per the current docs, creating an SSM secure string via CloudFormation is not supported.
Note
AWS CloudFormation doesn't support the SecureString parameter type.
What was introduced in Aug 2018 is the support for SSM Secure String as Parameters in CloudFormation. Link
For the time being, CustomResource is the only way; however, having the raw value in any kind of infra template for a secure string is not recommended.
Updated (Nov 2019):
As per this, we can provide a 3rd party resource provider for such use cases. CustomResource is good but kind of repetitive if you use it in multiple stacks. So now I would prefer using these 3rd party resource providers for common use cases like secure SSM. It's fairly simple to implement as well.
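The custom-resource route mentioned in the answer above, as an added example that is not part of the original post and not AWS's own code: a Lambda handler that creates the SecureString with a value generated inside the function, so no raw secret appears in the template or in the response. The property names (`Name`, `Description`, `KeyId`), the `handle` helper and the `FAILED_ID` sentinel are assumptions made for this sketch.

```python
import json
import secrets
import urllib.request

FAILED_ID = "create-failed"  # sentinel so a rollback never deletes a parameter we did not create


def handle(event, ssm):
    """Process one custom-resource event and return the CloudFormation response body."""
    props = event["ResourceProperties"]  # "Name", "Description", "KeyId" are assumed property names
    phys_id = event.get("PhysicalResourceId", props["Name"])
    status, reason = "SUCCESS", ""
    try:
        if event["RequestType"] == "Create":
            args = {"Name": props["Name"], "Type": "SecureString", "Overwrite": False,
                    "Description": props.get("Description", ""),
                    "Value": secrets.token_urlsafe(32)}  # generated here, never in the template
            if "KeyId" in props:  # otherwise SSM uses the account's aws/ssm key
                args["KeyId"] = props["KeyId"]
            ssm.put_parameter(**args)
        elif event["RequestType"] == "Delete" and phys_id != FAILED_ID:
            ssm.delete_parameter(Name=phys_id)
        # Update is a no-op: the stored secret is left untouched.
    except Exception as exc:
        status, reason = "FAILED", type(exc).__name__  # class name only, no request contents
        if event["RequestType"] == "Create":
            phys_id = FAILED_ID
    response = {k: event[k] for k in ("StackId", "RequestId", "LogicalResourceId")}
    response.update(Status=status, Reason=reason, PhysicalResourceId=phys_id,
                    Data={"Name": props["Name"]})  # return the name, never the value
    return response


def lambda_handler(event, context):
    import boto3  # present in the AWS Lambda Python runtime
    body = json.dumps(handle(event, boto3.client("ssm"))).encode()
    request = urllib.request.Request(event["ResponseURL"], data=body, method="PUT",
                                     headers={"Content-Type": ""})
    urllib.request.urlopen(request)
```

Other resources in the stack can then read the value through a dynamic reference to the returned parameter name instead of receiving the secret as a stack parameter.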