API Reference

Constructs

SecureStringParameter

Implements: aws-cdk-lib.aws_ssm.IStringParameter, aws-cdk-lib.ITaggable

Creates a new SecureString SSM Parameter.

If the valueType property is set to encrypted, the actual SSM SecureString Parameter will be created with a decrypted value from the stringValue property.

Initializers

import { SecureStringParameter } from 'cdk-secure-string-parameter'

new SecureStringParameter(scope: Construct, id: string, props: EncryptedSecureStringParameterProps | PlainTextSecureStringParameterProps)

Name	Type	Description
`scope`	`constructs.Construct`	No description.
`id`	`string`	No description.
`props`	`EncryptedSecureStringParameterProps \| PlainTextSecureStringParameterProps`	No description.

`scope`^Required

Type: constructs.Construct

`id`^Required

Type: string

`props`^Required

Type: EncryptedSecureStringParameterProps | PlainTextSecureStringParameterProps

Methods

Name	Description
`toString`	Returns a string representation of this construct.
`applyRemovalPolicy`	Apply the given removal policy to this resource.
`asStringParameter`	Returns this parameter as a native StringParameter.
`grantRead`	Grants read (DescribeParameter, GetParameters, GetParameter, GetParameterHistory) permissions on the SSM Parameter.
`grantWrite`	Grants write (PutParameter) permissions on the SSM Parameter.

`toString`

public toString(): string

Returns a string representation of this construct.

`applyRemovalPolicy`

public applyRemovalPolicy(policy: RemovalPolicy): void

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

`policy`^Required

Type: aws-cdk-lib.RemovalPolicy

`asStringParameter`

public asStringParameter(): IStringParameter

Returns this parameter as a native StringParameter.

`grantRead`

public grantRead(grantee: IGrantable): Grant

Grants read (DescribeParameter, GetParameters, GetParameter, GetParameterHistory) permissions on the SSM Parameter.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

`grantWrite`

public grantWrite(grantee: IGrantable): Grant

Grants write (PutParameter) permissions on the SSM Parameter.

`grantee`^Required

Type: aws-cdk-lib.aws_iam.IGrantable

Static Functions

Name	Description
`isConstruct`	Checks if `x` is a construct.
`isOwnedResource`	Returns true if the construct was created by CDK, and false otherwise.
`isResource`	Check whether the given construct is a Resource.

`isConstruct`

import { SecureStringParameter } from 'cdk-secure-string-parameter'

SecureStringParameter.isConstruct(x: any)

Checks if x is a construct.

`x`^Required

Type: any

Any object.

`isOwnedResource`

import { SecureStringParameter } from 'cdk-secure-string-parameter'

SecureStringParameter.isOwnedResource(construct: IConstruct)

Returns true if the construct was created by CDK, and false otherwise.

`construct`^Required

Type: constructs.IConstruct

`isResource`

import { SecureStringParameter } from 'cdk-secure-string-parameter'

SecureStringParameter.isResource(construct: IConstruct)

Check whether the given construct is a Resource.

`construct`^Required

Type: constructs.IConstruct

Properties

Name	Type	Description
`node`	`constructs.Node`	The tree node.
`env`	`aws-cdk-lib.ResourceEnvironment`	The environment this resource belongs to.
`stack`	`aws-cdk-lib.Stack`	The stack in which this resource is defined.
`parameterArn`	`string`	The ARN of the SSM Parameter resource.
`parameterName`	`string`	The name of the SSM Parameter resource.
`parameterType`	`string`	The type of the SSM Parameter resource.
`stringValue`	`string`	The parameter value.
`tags`	`aws-cdk-lib.TagManager`	TagManager to set, remove and format tags.
`valueType`	`ValueType`	The type of the stringValue.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The encryption key that is used to encrypt this parameter.

`node`^Required

public readonly node: Node;

Type: constructs.Node

The tree node.

`env`^Required

public readonly env: ResourceEnvironment;

Type: aws-cdk-lib.ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.

`stack`^Required

public readonly stack: Stack;

Type: aws-cdk-lib.Stack

The stack in which this resource is defined.

`parameterArn`^Required

public readonly parameterArn: string;

Type: string

The ARN of the SSM Parameter resource.

`parameterName`^Required

public readonly parameterName: string;

Type: string

The name of the SSM Parameter resource.

`parameterType`^Required

public readonly parameterType: string;

Type: string

The type of the SSM Parameter resource.

`stringValue`^Required

public readonly stringValue: string;

Type: string

The parameter value.

Value must not nest another parameter. Do not use {{}} in the value.

`tags`^Required

public readonly tags: TagManager;

Type: aws-cdk-lib.TagManager

TagManager to set, remove and format tags.

`valueType`^Required

public readonly valueType: ValueType;

Type: ValueType

The type of the stringValue.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The encryption key that is used to encrypt this parameter.

Structs

EncryptedSecureStringParameterProps

Initializer

import { EncryptedSecureStringParameterProps } from 'cdk-secure-string-parameter'

const encryptedSecureStringParameterProps: EncryptedSecureStringParameterProps = { ... }

Properties

Name	Type	Description
`allowedPattern`	`string`	A regular expression used to validate the parameter value.
`description`	`string`	Information about the parameter that you want to add to the system.
`parameterName`	`string`	The name of the parameter.
`simpleName`	`boolean`	Indicates if the parameter name is a simple name (i.e. does not include "/" separators).
`tier`	`aws-cdk-lib.aws_ssm.ParameterTier`	The tier of the string parameter.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The encryption key that is used to encrypt this parameter.
`stringValue`	`string`	The value of the parameter.
`valueType`	`ValueType`	The type of the stringValue. Use type `encrypted` if the value is encrypted with a kms key.
`dataType`	`aws-cdk-lib.aws_ssm.ParameterDataType`	The data type of the parameter value.
`removalPolicy`	`aws-cdk-lib.RemovalPolicy`	Policy to apply when the parameter is removed from this stack.
`type`	`aws-cdk-lib.aws_ssm.ParameterType`	The type of the parameter.

`allowedPattern`^Optional

public readonly allowedPattern: string;

Type: string
Default: no validation is performed

A regular expression used to validate the parameter value.

For example, for String types with values restricted to numbers, you can specify the following: ^\d+$

`description`^Optional

public readonly description: string;

Type: string
Default: none

Information about the parameter that you want to add to the system.

`parameterName`^Optional

public readonly parameterName: string;

Type: string
Default: a name will be generated by CloudFormation

The name of the parameter.

`simpleName`^Optional

public readonly simpleName: boolean;

Type: boolean
Default: auto-detect based on parameterName

Indicates if the parameter name is a simple name (i.e. does not include "/" separators).

This is required only if parameterName is a token, which means we are unable to detect if the name is simple or "path-like" for the purpose of rendering SSM parameter ARNs.

If parameterName is not specified, simpleName must be true (or undefined) since the name generated by AWS CloudFormation is always a simple name.

`tier`^Optional

public readonly tier: ParameterTier;

Type: aws-cdk-lib.aws_ssm.ParameterTier
Default: undefined

The tier of the string parameter.

`encryptionKey`^Required

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey

The encryption key that is used to encrypt this parameter.

`stringValue`^Required

public readonly stringValue: string;

Type: string

The value of the parameter.

It may not reference another parameter and {{}} cannot be used in the value.

`valueType`^Required

public readonly valueType: ValueType;

Type: ValueType

The type of the stringValue. Use type encrypted if the value is encrypted with a kms key.

WARNING: If you use plaintext, the unecrypted value of the parameter is visible to anyone who has access to cloudformation or deploy artifacts.

`dataType`^Optional

public readonly dataType: ParameterDataType;

Type: aws-cdk-lib.aws_ssm.ParameterDataType
Default: ParameterDataType.TEXT

The data type of the parameter value.

Only text is allowed.

`removalPolicy`^Optional

public readonly removalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.DESTROY

Policy to apply when the parameter is removed from this stack.

`type`^Optional

public readonly type: ParameterType;

Type: aws-cdk-lib.aws_ssm.ParameterType
Default: ParameterType.SECURE_STRING

The type of the parameter.

Only SecureString is allowed.

PlainTextSecureStringParameterProps

Initializer

import { PlainTextSecureStringParameterProps } from 'cdk-secure-string-parameter'

const plainTextSecureStringParameterProps: PlainTextSecureStringParameterProps = { ... }

Properties

Name	Type	Description
`allowedPattern`	`string`	A regular expression used to validate the parameter value.
`description`	`string`	Information about the parameter that you want to add to the system.
`parameterName`	`string`	The name of the parameter.
`simpleName`	`boolean`	Indicates if the parameter name is a simple name (i.e. does not include "/" separators).
`tier`	`aws-cdk-lib.aws_ssm.ParameterTier`	The tier of the string parameter.
`stringValue`	`string`	The value of the parameter.
`valueType`	`ValueType`	The type of the stringValue. Use type `encrypted` if the value is encrypted with a kms key.
`dataType`	`aws-cdk-lib.aws_ssm.ParameterDataType`	The data type of the parameter value.
`encryptionKey`	`aws-cdk-lib.aws_kms.IKey`	The encryption key that is used to encrypt this parameter.
`removalPolicy`	`aws-cdk-lib.RemovalPolicy`	Policy to apply when the parameter is removed from this stack.
`type`	`aws-cdk-lib.aws_ssm.ParameterType`	The type of the parameter.

`allowedPattern`^Optional

public readonly allowedPattern: string;

Type: string
Default: no validation is performed

A regular expression used to validate the parameter value.

For example, for String types with values restricted to numbers, you can specify the following: ^\d+$

`description`^Optional

public readonly description: string;

Type: string
Default: none

Information about the parameter that you want to add to the system.

`parameterName`^Optional

public readonly parameterName: string;

Type: string
Default: a name will be generated by CloudFormation

The name of the parameter.

`simpleName`^Optional

public readonly simpleName: boolean;

Type: boolean
Default: auto-detect based on parameterName

Indicates if the parameter name is a simple name (i.e. does not include "/" separators).

This is required only if parameterName is a token, which means we are unable to detect if the name is simple or "path-like" for the purpose of rendering SSM parameter ARNs.

If parameterName is not specified, simpleName must be true (or undefined) since the name generated by AWS CloudFormation is always a simple name.

`tier`^Optional

public readonly tier: ParameterTier;

Type: aws-cdk-lib.aws_ssm.ParameterTier
Default: undefined

The tier of the string parameter.

`stringValue`^Required

public readonly stringValue: string;

Type: string

The value of the parameter.

It may not reference another parameter and {{}} cannot be used in the value.

`valueType`^Required

public readonly valueType: ValueType;

Type: ValueType

The type of the stringValue. Use type encrypted if the value is encrypted with a kms key.

WARNING: If you use plaintext, the unecrypted value of the parameter is visible to anyone who has access to cloudformation or deploy artifacts.

`dataType`^Optional

public readonly dataType: ParameterDataType;

Type: aws-cdk-lib.aws_ssm.ParameterDataType
Default: ParameterDataType.TEXT

The data type of the parameter value.

Only text is allowed.

`encryptionKey`^Optional

public readonly encryptionKey: IKey;

Type: aws-cdk-lib.aws_kms.IKey
Default: alias/aws/ssm

The encryption key that is used to encrypt this parameter.

`removalPolicy`^Optional

public readonly removalPolicy: RemovalPolicy;

Type: aws-cdk-lib.RemovalPolicy
Default: RemovalPolicy.DESTROY

Policy to apply when the parameter is removed from this stack.

`type`^Optional

public readonly type: ParameterType;

Type: aws-cdk-lib.aws_ssm.ParameterType
Default: ParameterType.SECURE_STRING

The type of the parameter.

Only SecureString is allowed.

Enums

ValueType

The type of the stringValue.

Members

Name	Description
`ENCRYPTED`	Indicates that the value of this parameter is encrypted with a kms key.
`PLAINTEXT`	Indicates that the value of this parameter is in plain text.

`ENCRYPTED`

Indicates that the value of this parameter is encrypted with a kms key.

`PLAINTEXT`

Indicates that the value of this parameter is in plain text.

Files

API.md

Latest commit

History

API.md

File metadata and controls

API Reference

Constructs

SecureStringParameter

Initializers

scopeRequired

idRequired

propsRequired

Methods

toString

applyRemovalPolicy

policyRequired

asStringParameter

grantRead

granteeRequired

grantWrite

granteeRequired

Static Functions

isConstruct

xRequired

isOwnedResource

constructRequired

isResource

constructRequired

Properties

nodeRequired

envRequired

stackRequired

parameterArnRequired

parameterNameRequired

parameterTypeRequired

stringValueRequired

tagsRequired

valueTypeRequired

encryptionKeyOptional

Structs

EncryptedSecureStringParameterProps

Initializer

Properties

allowedPatternOptional

descriptionOptional

parameterNameOptional

simpleNameOptional

tierOptional

encryptionKeyRequired

stringValueRequired

valueTypeRequired

dataTypeOptional

removalPolicyOptional

typeOptional

PlainTextSecureStringParameterProps

Initializer

Properties

allowedPatternOptional

descriptionOptional

parameterNameOptional

simpleNameOptional

tierOptional

stringValueRequired

valueTypeRequired

dataTypeOptional

encryptionKeyOptional

removalPolicyOptional

typeOptional

Enums

ValueType

Members

ENCRYPTED

PLAINTEXT

`scope`^Required

`id`^Required

`props`^Required

`toString`

`applyRemovalPolicy`

`policy`^Required

`asStringParameter`

`grantRead`

`grantee`^Required

`grantWrite`

`grantee`^Required

`isConstruct`

`x`^Required

`isOwnedResource`

`construct`^Required

`isResource`

`construct`^Required

`node`^Required

`env`^Required

`stack`^Required

`parameterArn`^Required

`parameterName`^Required

`parameterType`^Required

`stringValue`^Required

`tags`^Required

`valueType`^Required

`encryptionKey`^Optional

`allowedPattern`^Optional

`description`^Optional

`parameterName`^Optional

`simpleName`^Optional

`tier`^Optional

`encryptionKey`^Required

`stringValue`^Required

`valueType`^Required

`dataType`^Optional

`removalPolicy`^Optional

`type`^Optional

`allowedPattern`^Optional

`description`^Optional

`parameterName`^Optional

`simpleName`^Optional

`tier`^Optional

`stringValue`^Required

`valueType`^Required

`dataType`^Optional

`encryptionKey`^Optional

`removalPolicy`^Optional

`type`^Optional

`ENCRYPTED`

`PLAINTEXT`