Skip to content

Latest commit

 

History

History
147 lines (106 loc) · 3.73 KB

ssm.parameter.SecureString.rst

File metadata and controls

147 lines (106 loc) · 3.73 KB
Raw

ssm.parameter.SecureString

Hook Path

runway.cfngin.hooks.ssm.parameter.SecureString

Create, update, and delete a SecureString SSM parameter.

A SecureString parameter is any sensitive data that needs to be stored and referenced in a secure manner. If you have data that you don't want users to alter or reference in plaintext, such as passwords or license keys, create those parameters using the SecureString datatype.

When used in the ~cfngin.config.pre_deploy or ~cfngin.config.post_deploy stage this hook will create or update an SSM parameter.

When used in the ~cfngin.config.pre_destroy or ~cfngin.config.post_destroy stage this hook will delete an SSM parameter.

2.2.0

Args

allowed_pattern

A regular expression used to validate the parameter value.

data_type

The data type for a String parameter. Supported data types include plain text and Amazon Machine Image IDs.

description

Information about the parameter.

force

Skip checking the current value of the parameter, just put it. Can be used alongside overwrite to always update a parameter.

key_id

The KMS Key ID that you want to use to encrypt a parameter. Either the default AWS Key Management Service (AWS KMS) key automatically assigned to your AWS account or a custom key.

name

The fully qualified name of the parameter that you want to add to the system.

overwrite

Allow overwriting an existing parameter. If this is set to False and the parameter already exists, the parameter will not be updated and a warning will be logged.

policies

One or more policies to apply to a parameter. This field takes a JSON array.

tags

Tags to be applied to the parameter.

tier

The parameter tier to assign to a parameter.

value

The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.

If the value of this field is falsy, the parameter will not be created or updated.

If the value of this field matches what is already in SSM Parameter Store, it will not be updated unless force is True.

Example

pre_deploy: &hooks
  - path: runway.cfngin.hooks.ssm.parameter.SecureString
    args:
      name: /example/foo
      value: bar
  - path: runway.cfngin.hooks.ssm.parameter.SecureString
    args:
      name: /example/parameter1
      description: This is an example.
      tags:
        tag-key: tag-value
      tier: Advanced
      value: ${value_may_be_none}
  - path: runway.cfngin.hooks.ssm.parameter.SecureString
    args:
      name: /example/parameter2
      policies:
        - Type: Expiration
          Version: 1.0
          Attributes:
            Timestamp: 2018-12-02T21:34:33.000Z
      tags:
        - Key: tag-key
          Value: tag-value
      value: ${something_else}

post_destroy: *hooks