SSM Secure reference is not supported in: AWS::EC2::Instance/Metadata

I am trying to use a SecureString in the Metadata section of a CloudFormation template but it raises the following error:

SSM Secure reference is not supported in: [AWS::EC2::Instance/Metadata/AWS::CloudFormation::Init/config/files/~/.ssh/content]

This is my code:

Resources:
  LinuxEC2Instance:
    Type: AWS::EC2::Instance
    Metadata:
      AWS::CloudFormation::Init:
        config:
          files:
            ~/.ssh:
              content: !Sub |
                '{{resolve:ssm-secure:/credentials/ansible:1}}'
              mode: "000644"
              owner: "ansible"
              group: "ansible"

Why does this not work? I expected secure string references to work in CloudFormation templates.

Benny asked Jun 10 '20 14:06



1 Answer

Why does this not work?

It does not work because ssm-secure is not supported for AWS::EC2::Instance. The list of supported resources is here, and it includes:

AWS::DirectoryService::MicrosoftAD
AWS::DirectoryService::SimpleAD
AWS::ElastiCache::ReplicationGroup
AWS::IAM::User
AWS::KinesisFirehose::DeliveryStream
AWS::OpsWorks::App
AWS::OpsWorks::Stack
AWS::RDS::DBCluster
AWS::RDS::DBInstance
AWS::Redshift::Cluster
Marcin answered Sep 21 '22 13:09
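A workaround in the same template language, added here and not part of the question or the answer: give the instance a role that can read only that one parameter and fetch it at boot with the CLI, so the secret never passes through the template or the stack's Metadata and the key lands on disk as 0600 rather than the 000644 of the question. It assumes the AWS CLI is present on the AMI; the parameter name /credentials/ansible comes from the question, and every other name (role, profile, AMI, paths) is a placeholder.

```yaml
# Added example, not the question's or answer's code: keep the key out of
# Metadata and fetch it at boot with the instance role instead.
# Parameter name /credentials/ansible is from the question; every other
# name (role, profile, paths) is a placeholder for this illustration.
Resources:
  InstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ReadAnsibleKey
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Least privilege: read exactly one parameter, nothing else.
              # If it is encrypted with a customer managed KMS key, also
              # allow kms:Decrypt on that key.
              - Effect: Allow
                Action: ssm:GetParameter
                Resource: !Sub arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/credentials/ansible
  InstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [!Ref InstanceRole]
  LinuxEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: ami-PLACEHOLDER   # replace with an AMI that ships the AWS CLI
      InstanceType: t3.micro
      IamInstanceProfile: !Ref InstanceProfile
      UserData:
        Fn::Base64: !Sub |
          #!/bin/bash -e
          id ansible >/dev/null 2>&1 || useradd -m ansible
          install -d -m 0700 -o ansible -g ansible /home/ansible/.ssh
          umask 077
          # --with-decryption asks SSM to decrypt the SecureString server-side;
          # the plaintext never appears in the template or the stack's metadata.
          aws ssm get-parameter --region ${AWS::Region} \
            --name /credentials/ansible --with-decryption \
            --query Parameter.Value --output text > /home/ansible/.ssh/id_rsa
          chown ansible:ansible /home/ansible/.ssh/id_rsa
```

Because the read happens through the instance role, each fetch is recorded in CloudTrail as a GetParameter call by that role, which gives you an audit trail the Metadata approach would not.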