I have configured a key-value pair in the AWS SSM parameter store UI as my-ssm-key = ssm-value.
I have the following YAML template for CF built on Serverless:

    service: redirect-test

    provider:
      name: aws
      runtime: python3.8
      environment:
        ssm_value: '{{resolve:ssm:my-ssm-key:1}}'
        ssm_value_is_correct: !If [SSM_KEY_IS_CORRECT, yes, no]

    functions:
      hello:
        handler: handler.hello

    resources:
      Conditions:
        SSM_KEY_IS_CORRECT:
          !Equals
            - '{{resolve:ssm:my-ssm-key:1}}'
            - 'ssm-value'

On deploying the stack, environment variables are being set to ssm_value = ssm-value and ssm_value_is_correct = no.
Why is the conditional statement resolving to "no" instead of "yes"? What is the correct way to use SSM parameter store values in conditionals?
Referencing a parameter within a template: You use the Ref intrinsic function to reference a parameter, and AWS CloudFormation uses the parameter's value to provision the stack. You can reference parameters from the Resources and Outputs sections of the same template.
Parameters (optional): Values to pass to your template at runtime (when you create or update a stack). You can refer to parameters from the Resources and Outputs sections of the template.
Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values.
CloudFormation currently supports the following dynamic reference patterns:
- ssm, for plaintext values stored in AWS Systems Manager Parameter Store.
- ssm-secure, for secure strings stored in AWS Systems Manager Parameter Store.
- secretsmanager, for entire secrets or secret values stored in AWS Secrets Manager.
SSM parameter types correspond to existing parameters in Systems Manager Parameter Store. You specify a Systems Manager parameter key as the value of the SSM parameter, and AWS CloudFormation fetches the latest value from Parameter Store to use for the stack.
For example, users could specify "MyUserName". An integer or float. AWS CloudFormation validates the parameter value as a number; however, when you use the parameter elsewhere in your template (for example, by using the Ref intrinsic function), the parameter value becomes a string. For example, users could specify "8888".
If you specify Secure Strings as parameter values using the ssm-secure pattern, AWS CloudFormation does not store the Secure String value or display it in the console or in the results of API calls. Because the value of an SSM parameter is a Systems Manager parameter key, you should be aware of the following behavior:
When you create or update stacks and create change sets, AWS CloudFormation uses whatever values exist in Parameter Store at the time the operation is run. If a specified parameter doesn't exist in Parameter Store under the caller's AWS account, AWS CloudFormation returns a validation error.
I was able to resolve the issue by using this CF template:

    service: redirect-test

    provider:
      name: aws
      runtime: python3.8
      environment:
        ssm_value: !Ref MySSMValue
        ssm_value_is_correct: !If [SSM_KEY_IS_CORRECT, yes, no]

    functions:
      hello:
        handler: handler.hello

    resources:
      Conditions:
        SSM_KEY_IS_CORRECT:
          !Equals
            - !Ref MySSMValue
            - ssm-value
      Parameters:
        MySSMValue:
          Description: My SSM Value
          Type: AWS::SSM::Parameter::Value<String>
          Default: my-ssm-key

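
An added example, not part of the original question or answer: a pre-deploy check that flags `{{resolve:...}}` dynamic references inside a `Conditions` block, the pattern that evaluated to "no" in the question, so they can be replaced with an `AWS::SSM::Parameter::Value<String>` parameter as in the answer. The function name and the line-based indentation scan are assumptions of this example, and the two sample templates are constructed from the templates above.

```python
import re

# CloudFormation dynamic reference syntax: {{resolve:<service>:<reference-key>}}
DYNAMIC_REF = re.compile(r"\{\{resolve:(?:ssm-secure|ssm|secretsmanager):[^}]+\}\}")
KEY_LINE = re.compile(r"^\s*([A-Za-z0-9_]+):\s*(.*)$")

def dynamic_refs_in_conditions(template_text):
    """Return (line_no, condition_name, reference) for each dynamic reference in Conditions."""
    findings = []
    cond_indent = name_indent = current = None  # all None while outside Conditions
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key = KEY_LINE.match(line)
        if cond_indent is not None and indent <= cond_indent:
            cond_indent = name_indent = current = None  # dedent: block has ended
        if cond_indent is None:
            if key and key.group(1) == "Conditions" and not key.group(2):
                cond_indent = indent  # entering a Conditions block
            continue
        if key and name_indent in (None, indent):
            name_indent, current = indent, key.group(1)  # a condition's name
        findings += [(line_no, current, m.group(0)) for m in DYNAMIC_REF.finditer(line)]
    return findings

# Constructed samples: excerpts of the question's and the answer's templates.
QUESTION_TEMPLATE = """\
provider:
  environment:
    ssm_value: '{{resolve:ssm:my-ssm-key:1}}'
resources:
  Conditions:
    SSM_KEY_IS_CORRECT:
      !Equals
        - '{{resolve:ssm:my-ssm-key:1}}'
        - 'ssm-value'
"""
ANSWER_TEMPLATE = """\
resources:
  Conditions:
    SSM_KEY_IS_CORRECT:
      !Equals
        - !Ref MySSMValue
        - ssm-value
"""

if __name__ == "__main__":
    print(dynamic_refs_in_conditions(QUESTION_TEMPLATE))
```

The dynamic reference under `environment` is not reported, because only references inside `Conditions` are flagged.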