ssm.parameter.SecureString

Hook Path

runway.cfngin.hooks.ssm.parameter.SecureString

Create, update, and delete a SecureString SSM parameter.

A SecureString parameter is any sensitive data that needs to be stored and referenced in a secure manner. If you have data that you don’t want users to alter or reference in plaintext, such as passwords or license keys, create those parameters using the SecureString datatype.

When used in the pre_deploy or post_deploy stage, this hook will create or update an SSM parameter.

When used in the pre_destroy or post_destroy stage, this hook will delete an SSM parameter.

New in version 2.2.0.

Args

allowed_pattern: Optional[str] = None

A regular expression used to validate the parameter value.

data_type: Optional[Literal['aws:ec2:image', 'text']] = None

The data type for a String parameter. Supported data types include plain text and Amazon Machine Image IDs.

description: Optional[str] = None

Information about the parameter.

force: bool = False

Skip checking the current value of the parameter and put it unconditionally. Can be used alongside overwrite to always update a parameter.

key_id: Optional[str] = None

The KMS Key ID that you want to use to encrypt a parameter. This can be either the default AWS Key Management Service (AWS KMS) key automatically assigned to your AWS account or a custom key.

name: str

The fully qualified name of the parameter that you want to add to the system.

overwrite: bool = True

Allow overwriting an existing parameter. If this is set to False and the parameter already exists, the parameter will not be updated and a warning will be logged.

policies: Optional[Union[List[Dict[str, Any]], str]] = None

One or more policies to apply to a parameter. This field takes a JSON array.

tags: Optional[Union[Dict[str, str], List[TagTypeDef]]] = None

Tags to be applied to the parameter.

tier: Literal['Advanced', 'Intelligent-Tiering', 'Standard'] = "Standard"

The parameter tier to assign to a parameter.

value: Optional[str] = None

The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.

If the value of this field is falsy, the parameter will not be created or updated.

If the value of this field matches what is already in SSM Parameter Store, it will not be updated unless force is True.
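The rules above for value, force, overwrite and tier interact, so the following added example (not Runway's own code) models them as one decision function that can be used to reason about what a hook run will do. The function name plan_put, the current argument, the returned strings, the reading of 1 KB as 1024 UTF-8 bytes and the 8 KB ceiling for Intelligent-Tiering are assumptions made for illustration.

```python
from typing import Optional

# Value limits stated on this page; 1 KB is read as 1024 UTF-8 bytes (assumption).
LIMITS = {"Standard": 4096, "Advanced": 8192}


def plan_put(value: Optional[str], current: Optional[str], *, force: bool = False,
             overwrite: bool = True, tier: str = "Standard") -> str:
    """Return the outcome the documented rules imply for one parameter.

    current is the value already in Parameter Store, or None if the
    parameter does not exist yet (hypothetical input for this model).
    """
    if not value:
        # A falsy value (None or "") means nothing is created or updated.
        return "skip: falsy value"
    # Intelligent-Tiering is assumed to allow up to the Advanced limit.
    limit = LIMITS.get(tier, LIMITS["Advanced"])
    size = len(value.encode("utf-8"))
    if size > limit:
        return f"error: {size} bytes exceeds {tier} limit of {limit}"
    if current is not None and not overwrite:
        # Holds with or without force: an existing parameter is left alone.
        return "skip: exists and overwrite is False (warning logged)"
    if current == value and not force:
        return "skip: value unchanged"
    return "put"


if __name__ == "__main__":
    # Constructed cases: (value, current value in SSM, keyword arguments).
    cases = [
        (None, "old", {}),
        ("bar", None, {}),
        ("bar", "bar", {}),
        ("bar", "bar", {"force": True}),
        ("new", "old", {"overwrite": False}),
        ("new", "old", {"overwrite": False, "force": True}),
        ("x" * 5000, None, {}),
        ("x" * 5000, None, {"tier": "Advanced"}),
    ]
    for value, current, kwargs in cases:
        shown = value if value is None or len(value) < 10 else f"<{len(value)} chars>"
        print(f"value={shown!r} current={current!r} {kwargs} -> "
              f"{plan_put(value, current, **kwargs)}")
```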

Example

pre_deploy: &hooks
  - path: runway.cfngin.hooks.ssm.parameter.SecureString
    args:
      name: /example/foo
      value: bar
  - path: runway.cfngin.hooks.ssm.parameter.SecureString
    args:
      name: /example/parameter1
      description: This is an example.
      tags:
        tag-key: tag-value
      tier: Advanced
      value: ${value_may_be_none}
  - path: runway.cfngin.hooks.ssm.parameter.SecureString
    args:
      name: /example/parameter2
      policies:
        - Type: Expiration
          Version: 1.0
          Attributes:
            Timestamp: 2018-12-02T21:34:33.000Z
      tags:
        - Key: tag-key
          Value: tag-value
      value: ${something_else}

post_destroy: *hooks