- Implements: aws-cdk-lib.aws_ssm.IStringParameter, aws-cdk-lib.ITaggable
Creates a new SecureString SSM Parameter.
If the valueType property is set to encrypted
, the actual SSM SecureString Parameter will be created with a decrypted value from the stringValue property.
import { SecureStringParameter } from 'cdk-secure-string-parameter'
new SecureStringParameter(scope: Construct, id: string, props: EncryptedSecureStringParameterProps | PlainTextSecureStringParameterProps)
Name | Type | Description |
---|---|---|
scope |
constructs.Construct |
No description. |
id |
string |
No description. |
props |
EncryptedSecureStringParameterProps | PlainTextSecureStringParameterProps |
No description. |
- Type: constructs.Construct
- Type: string
Name | Description |
---|---|
toString |
Returns a string representation of this construct. |
applyRemovalPolicy |
Apply the given removal policy to this resource. |
asStringParameter |
Returns this parameter as a native StringParameter. |
grantRead |
Grants read (DescribeParameter, GetParameters, GetParameter, GetParameterHistory) permissions on the SSM Parameter. |
grantWrite |
Grants write (PutParameter) permissions on the SSM Parameter. |
public toString(): string
Returns a string representation of this construct.
public applyRemovalPolicy(policy: RemovalPolicy): void
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY
), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN
).
- Type: aws-cdk-lib.RemovalPolicy
public asStringParameter(): IStringParameter
Returns this parameter as a native StringParameter.
public grantRead(grantee: IGrantable): Grant
Grants read (DescribeParameter, GetParameters, GetParameter, GetParameterHistory) permissions on the SSM Parameter.
- Type: aws-cdk-lib.aws_iam.IGrantable
public grantWrite(grantee: IGrantable): Grant
Grants write (PutParameter) permissions on the SSM Parameter.
- Type: aws-cdk-lib.aws_iam.IGrantable
Name | Description |
---|---|
isConstruct |
Checks if x is a construct. |
isOwnedResource |
Returns true if the construct was created by CDK, and false otherwise. |
isResource |
Check whether the given construct is a Resource. |
import { SecureStringParameter } from 'cdk-secure-string-parameter'
SecureStringParameter.isConstruct(x: any)
Checks if x
is a construct.
- Type: any
Any object.
import { SecureStringParameter } from 'cdk-secure-string-parameter'
SecureStringParameter.isOwnedResource(construct: IConstruct)
Returns true if the construct was created by CDK, and false otherwise.
- Type: constructs.IConstruct
import { SecureStringParameter } from 'cdk-secure-string-parameter'
SecureStringParameter.isResource(construct: IConstruct)
Check whether the given construct is a Resource.
- Type: constructs.IConstruct
Name | Type | Description |
---|---|---|
node |
constructs.Node |
The tree node. |
env |
aws-cdk-lib.ResourceEnvironment |
The environment this resource belongs to. |
stack |
aws-cdk-lib.Stack |
The stack in which this resource is defined. |
parameterArn |
string |
The ARN of the SSM Parameter resource. |
parameterName |
string |
The name of the SSM Parameter resource. |
parameterType |
string |
The type of the SSM Parameter resource. |
stringValue |
string |
The parameter value. |
tags |
aws-cdk-lib.TagManager |
TagManager to set, remove and format tags. |
valueType |
ValueType |
The type of the stringValue. |
encryptionKey |
aws-cdk-lib.aws_kms.IKey |
The encryption key that is used to encrypt this parameter. |
public readonly node: Node;
- Type: constructs.Node
The tree node.
public readonly env: ResourceEnvironment;
- Type: aws-cdk-lib.ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
public readonly stack: Stack;
- Type: aws-cdk-lib.Stack
The stack in which this resource is defined.
public readonly parameterArn: string;
- Type: string
The ARN of the SSM Parameter resource.
public readonly parameterName: string;
- Type: string
The name of the SSM Parameter resource.
public readonly parameterType: string;
- Type: string
The type of the SSM Parameter resource.
public readonly stringValue: string;
- Type: string
The parameter value.
Value must not nest another parameter. Do not use {{}} in the value.
public readonly tags: TagManager;
- Type: aws-cdk-lib.TagManager
TagManager to set, remove and format tags.
public readonly valueType: ValueType;
- Type: ValueType
The type of the stringValue.
public readonly encryptionKey: IKey;
- Type: aws-cdk-lib.aws_kms.IKey
The encryption key that is used to encrypt this parameter.
import { EncryptedSecureStringParameterProps } from 'cdk-secure-string-parameter'
const encryptedSecureStringParameterProps: EncryptedSecureStringParameterProps = { ... }
Name | Type | Description |
---|---|---|
allowedPattern |
string |
A regular expression used to validate the parameter value. |
description |
string |
Information about the parameter that you want to add to the system. |
parameterName |
string |
The name of the parameter. |
simpleName |
boolean |
Indicates if the parameter name is a simple name (i.e. does not include "/" separators). |
tier |
aws-cdk-lib.aws_ssm.ParameterTier |
The tier of the string parameter. |
encryptionKey |
aws-cdk-lib.aws_kms.IKey |
The encryption key that is used to encrypt this parameter. |
stringValue |
string |
The value of the parameter. |
valueType |
ValueType |
The type of the stringValue. Use type encrypted if the value is encrypted with a kms key. |
dataType |
aws-cdk-lib.aws_ssm.ParameterDataType |
The data type of the parameter value. |
removalPolicy |
aws-cdk-lib.RemovalPolicy |
Policy to apply when the parameter is removed from this stack. |
type |
aws-cdk-lib.aws_ssm.ParameterType |
The type of the parameter. |
public readonly allowedPattern: string;
- Type: string
- Default: no validation is performed
A regular expression used to validate the parameter value.
For example, for String types with values restricted to
numbers, you can specify the following: ^\d+$
public readonly description: string;
- Type: string
- Default: none
Information about the parameter that you want to add to the system.
public readonly parameterName: string;
- Type: string
- Default: a name will be generated by CloudFormation
The name of the parameter.
public readonly simpleName: boolean;
- Type: boolean
- Default: auto-detect based on
parameterName
Indicates if the parameter name is a simple name (i.e. does not include "/" separators).
This is required only if parameterName
is a token, which means we
are unable to detect if the name is simple or "path-like" for the purpose
of rendering SSM parameter ARNs.
If parameterName
is not specified, simpleName
must be true
(or
undefined) since the name generated by AWS CloudFormation is always a
simple name.
public readonly tier: ParameterTier;
- Type: aws-cdk-lib.aws_ssm.ParameterTier
- Default: undefined
The tier of the string parameter.
public readonly encryptionKey: IKey;
- Type: aws-cdk-lib.aws_kms.IKey
The encryption key that is used to encrypt this parameter.
public readonly stringValue: string;
- Type: string
The value of the parameter.
It may not reference another parameter and {{}}
cannot be used in the value.
public readonly valueType: ValueType;
- Type: ValueType
The type of the stringValue. Use type encrypted
if the value is encrypted with a kms key.
WARNING: If you use plaintext
, the unecrypted value of the parameter is visible to anyone who has access to cloudformation or deploy artifacts.
public readonly dataType: ParameterDataType;
- Type: aws-cdk-lib.aws_ssm.ParameterDataType
- Default: ParameterDataType.TEXT
The data type of the parameter value.
Only text
is allowed.
public readonly removalPolicy: RemovalPolicy;
- Type: aws-cdk-lib.RemovalPolicy
- Default: RemovalPolicy.DESTROY
Policy to apply when the parameter is removed from this stack.
public readonly type: ParameterType;
- Type: aws-cdk-lib.aws_ssm.ParameterType
- Default: ParameterType.SECURE_STRING
The type of the parameter.
Only SecureString
is allowed.
import { PlainTextSecureStringParameterProps } from 'cdk-secure-string-parameter'
const plainTextSecureStringParameterProps: PlainTextSecureStringParameterProps = { ... }
Name | Type | Description |
---|---|---|
allowedPattern |
string |
A regular expression used to validate the parameter value. |
description |
string |
Information about the parameter that you want to add to the system. |
parameterName |
string |
The name of the parameter. |
simpleName |
boolean |
Indicates if the parameter name is a simple name (i.e. does not include "/" separators). |
tier |
aws-cdk-lib.aws_ssm.ParameterTier |
The tier of the string parameter. |
stringValue |
string |
The value of the parameter. |
valueType |
ValueType |
The type of the stringValue. Use type encrypted if the value is encrypted with a kms key. |
dataType |
aws-cdk-lib.aws_ssm.ParameterDataType |
The data type of the parameter value. |
encryptionKey |
aws-cdk-lib.aws_kms.IKey |
The encryption key that is used to encrypt this parameter. |
removalPolicy |
aws-cdk-lib.RemovalPolicy |
Policy to apply when the parameter is removed from this stack. |
type |
aws-cdk-lib.aws_ssm.ParameterType |
The type of the parameter. |
public readonly allowedPattern: string;
- Type: string
- Default: no validation is performed
A regular expression used to validate the parameter value.
For example, for String types with values restricted to
numbers, you can specify the following: ^\d+$
public readonly description: string;
- Type: string
- Default: none
Information about the parameter that you want to add to the system.
public readonly parameterName: string;
- Type: string
- Default: a name will be generated by CloudFormation
The name of the parameter.
public readonly simpleName: boolean;
- Type: boolean
- Default: auto-detect based on
parameterName
Indicates if the parameter name is a simple name (i.e. does not include "/" separators).
This is required only if parameterName
is a token, which means we
are unable to detect if the name is simple or "path-like" for the purpose
of rendering SSM parameter ARNs.
If parameterName
is not specified, simpleName
must be true
(or
undefined) since the name generated by AWS CloudFormation is always a
simple name.
public readonly tier: ParameterTier;
- Type: aws-cdk-lib.aws_ssm.ParameterTier
- Default: undefined
The tier of the string parameter.
public readonly stringValue: string;
- Type: string
The value of the parameter.
It may not reference another parameter and {{}}
cannot be used in the value.
public readonly valueType: ValueType;
- Type: ValueType
The type of the stringValue. Use type encrypted
if the value is encrypted with a kms key.
WARNING: If you use plaintext
, the unecrypted value of the parameter is visible to anyone who has access to cloudformation or deploy artifacts.
public readonly dataType: ParameterDataType;
- Type: aws-cdk-lib.aws_ssm.ParameterDataType
- Default: ParameterDataType.TEXT
The data type of the parameter value.
Only text
is allowed.
public readonly encryptionKey: IKey;
- Type: aws-cdk-lib.aws_kms.IKey
- Default: alias/aws/ssm
The encryption key that is used to encrypt this parameter.
public readonly removalPolicy: RemovalPolicy;
- Type: aws-cdk-lib.RemovalPolicy
- Default: RemovalPolicy.DESTROY
Policy to apply when the parameter is removed from this stack.
public readonly type: ParameterType;
- Type: aws-cdk-lib.aws_ssm.ParameterType
- Default: ParameterType.SECURE_STRING
The type of the parameter.
Only SecureString
is allowed.
The type of the stringValue.
Name | Description |
---|---|
ENCRYPTED |
Indicates that the value of this parameter is encrypted with a kms key. |
PLAINTEXT |
Indicates that the value of this parameter is in plain text. |
Indicates that the value of this parameter is encrypted with a kms key.
Indicates that the value of this parameter is in plain text.