Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

creating ssm secure string with cloudformation

Tags:

amazon-cloudformation

aws-parameter-store

since August 2018 AWS CloudFormation supports AWS Systems Manager Secure String Parameters in CloudFormation Templates.

I have been searching high and low but wasnt able to find a way to create a ssm-secure-string via Cloudformation like I can do it for simple SSM parameter via 

Type: "AWS::SSM::Parameter"
Properties: 
  AllowedPattern: String
  Description: String
  Name: String
  Type: String
  Value: String

Can someone help me out? Or is there no way to generate the ssm-secure string right now via Cloudformtion?

Merci A

like image 758
aerioeus Avatar asked Sep 12 '18 17:09

aerioeus

People also ask

How do you pass parameters in CloudFormation?

You can pass multiple values for individual parameters in an AWS CloudFormation template using one of these ways: Use AWS-specific parameter types to select values from a prepopulated list of existing AWS values from an AWS account. Use CommaDelimitedList parameter types to specify your own values.

Is CloudFormation secure?

Cloud security at AWS is the highest priority. As an AWS customer, you benefit from data centers and network architectures that are built to meet the requirements of the most security-sensitive organizations.

Are SSM parameters encrypted?

Each advanced parameter value is encrypted under a unique data key, and the data key is encrypted under a KMS key. You can use the AWS managed key for the account ( aws/ssm ) or any customer managed key.

What is dynamic reference in CloudFormation?

Dynamic references provide a compact, powerful way for you to specify external values that are stored and managed in other services, such as the Systems Manager Parameter Store and AWS Secrets Manager, in your stack templates.

1 Answers

As per current docs, it's not supported to create SSM secure string via cloudformation.

Note

AWS CloudFormation doesn't support the SecureString parameter type.

What introduced in Aug 2018 is the support for SSM Secure String as Parameters in cloudformation. Link

For the time being, CustomResource is the only way, however having raw value in any kind of infra template for secure string is not recommended.

Updated (Nov 2019):

As per this, we can provide 3rd party resource provider for such use cases. CustomResource is good but kind of repetitive if you use in multiple stacks. So now I would prefer using this 3rd party resource providers for common use cases like secure SSM. It's farily simple to implement as well.

like image 51
sayboras Avatar answered Sep 19 '22 14:09

sayboras
Sign in to Comment

Related questions

Cloudformation Cloudwatch InputTemplate Formatting
how to access mongodb instance outside a VPC
Run Custom resource whenever i update my CFN Stack
In AWS API Gateway, can I use a Usage Plan without attaching an API Key?
CloudFormation : Template RDS Mysql to Create DB, Tables, User, or Load Schema
Cloudformation how to reference Managed-Policy from another stack
determine required permissions for AWS CDK
Least privilege AWS IAM policy for cloudformation
Cloudformation & Parameter Store: How to select parameter for the environment
Serverless Framework: Output compiled CloudFormation
CannotPullContainerError: Error response from daemon: pull access denied for ECR Repo Image, repository does not exist or may require 'docker login'
AWS CloudFormation not creating initial instance in Auto Scaling group
At least one Resources member must be defined ...error in cloud formation ec2
What is the difference between AWS ElastiCache Cluster and AWS ElastiCache Replication Group?
How to automate root device volume's tagging using CloudFormation
Route53 getHostedZone AccessDenied. User doesn't have permission to call route53:GetHostedZone

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!