AWS: ${ssm} resolve variable as JSON if it is stored as JSON in Secrets Manager #5842

Merged
merged 2 commits into from Feb 19, 2019


@exoego exoego commented Feb 17, 2019

What did you implement:

Closes #5838

How did you implement it:

After this PR, ${ssm} resolves a variable as JSON only if it references a secret stored in AWS Secrets Manager and the returned value is valid JSON.
Otherwise it returns plain text.

It does not throw an error on invalid JSON, since AWS Secrets Manager can store any text, including invalid JSON.

How can we verify it:

  1. `npm install -g exoego/serverless#ssm-should-fail`
  2. Create a secret `foo` in AWS Secrets Manager.

```json
{
  "num": 1,
  "str": "secret"
}
```

  3. Create a `serverless.yml`

```yaml
service: new-service
provider: aws
functions:
  hello:
    name: hello
    handler: handler.hello
custom:
  supersecret: ${ssm:/aws/reference/secretsmanager/foo~true}
```

  4. Run `sls print` and confirm `supersecret` is like

```yaml
custom:
  supersecret:
    num: 1
    str: secret
```

Todos:

  • Write tests
  • Write documentation
  • Fix linting errors
  • Make sure code coverage hasn't dropped
  • Provide verification config / commands / resources
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO
This could be a breaking change if existing users expect to get JSON as plaintext
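
The resolution rule described above, as an added JavaScript example that is not the code from this PR. It assumes a prefix match on `/aws/reference/secretsmanager` and `JSON.parse` semantics; `resolveSsmValue`, `describeType`, `findNonStringSecrets` and the sample values are hypothetical names and constructed data.

```javascript
'use strict';

// Prefix named in the PR thread for Secrets Manager references.
const SECRETS_MANAGER_PREFIX = '/aws/reference/secretsmanager';

// Hypothetical model of the rule: parse as JSON only when the reference
// points at Secrets Manager and the stored text is valid JSON.
function resolveSsmValue(paramName, plainText) {
  if (!paramName.startsWith(SECRETS_MANAGER_PREFIX)) {
    return plainText; // other Parameter Store items stay plain text
  }
  try {
    return JSON.parse(plainText); // assumption: JSON.parse semantics
  } catch (err) {
    return plainText; // invalid JSON is not an error, it stays a string
  }
}

function describeType(value) {
  if (value === null) return 'null';
  return Array.isArray(value) ? 'array' : typeof value;
}

// Hypothetical check for the breaking change noted above: list references
// whose resolved value is no longer a string.
function findNonStringSecrets(refs) {
  return Object.entries(refs)
    .map(([name, text]) => ({ name, type: describeType(resolveSsmValue(name, text)) }))
    .filter((entry) => entry.type !== 'string');
}

// Constructed sample values, not real secrets.
const SAMPLE = {
  '/aws/reference/secretsmanager/foo': '{"num": 1, "str": "secret"}',
  '/aws/reference/secretsmanager/broken': '{"num": 1,',
  '/aws/reference/secretsmanager/pin': '12345',
  '/app/config/item': '{"num": 1}',
};

console.log(findNonStringSecrets(SAMPLE));
```

Under these assumptions a scalar secret such as `12345` also changes type (string to number), not only object-shaped secrets.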


@dschep dschep left a comment


Added a question, but I think this is great! :shipit:

name: hello
handler: handler.hello
custom:
supersecret:

@dschep dschep Feb 18, 2019


How hard would it be to add ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true:hello}

Tho you can always work around it: ${self:custom.supersecret.hello}
😁

@enapupe enapupe Apr 16, 2019


I think it would involve some "caching" so it's not requesting SSM every time this line is referenced. Using custom seems more elegant!

@dschep dschep added this to the 1.38.0 milestone Feb 18, 2019
@dschep dschep merged commit 90b18b4 into serverless:master Feb 19, 2019
@exoego exoego deleted the ssm-json branch February 19, 2019 22:08
@jormaechea

I know this is closed, but thanks @exoego.. This was almost driving me mad in v1.36 😝

@vmtzkr

vmtzkr commented Feb 11, 2020

As per it is possible to access Parameter Store items. And I try to access them as written here. But currently, the parameters set in serverless_state.json are just stringified JSON data.

Would it be possible to extend this merge to not only support Secret Manager variables containing /aws/reference/secretsmanager, but also JSON formatted Parameter Store items?

@Pipeliner

@exoego is there a way not to resolve variable as JSON and treat it as a string?
I need to use this ssm variable as a string (specifically, to pass it as an environment variable).

@Pipeliner

Pipeliner commented Nov 11, 2020

As shown in comments to #5869, using aws/... instead of /aws/... works: #5869 (comment)
Is this an intended behavior? Should it be documented?


Successfully merging this pull request may close these issues.

Secrets manager JSON not accessible