AWS Systems Manager Parameter

This page shows how to write Terraform and CloudFormation for Systems Manager Parameter and write them securely.

aws_ssm_parameter (Terraform)

The Parameter in Systems Manager can be configured in Terraform with the resource name aws_ssm_parameter. The following sections describe 3 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L5
resource "aws_ssm_parameter" "global_google_geocoding_api_key" {
    name = "/Environment/global/GOOGLE_GEOCODING_API_KEY"
    type = "SecureString"
    value = "redacted"
}

main.tf#L5
resource "aws_ssm_parameter" "global_google_geocoding_api_key" {
    name = "/Environment/global/GOOGLE_GEOCODING_API_KEY"
    type = "SecureString"
    value = "redacted"
}

ssm.tf#L1
resource "aws_ssm_parameter" "api_port" {
  name  = "API_PORT"
  type  = "SecureString"
  value = var.api_port
}

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides an SSM Parameter resource.

AWS::SSM::Parameter (CloudFormation)

The Parameter in SSM can be configured in CloudFormation with the resource name AWS::SSM::Parameter. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

sam.yml#L6
    Type: AWS::SSM::Parameter::Value<String>
    Default: BookmarksChatBotSnsTopicArn

  BookmarksToolsLayerArn:
    Type: AWS::SSM::Parameter::Value<String>
    Default: BookmarksToolsLayerArn
ssm-params.yml#L4
    Type: "AWS::SSM::Parameter"
    Properties:
      Name: "Cluster"
      Type: "String"
      Value: "app-cluster"
  DevLoadBalancerArn:
ssm-param.yml#L3
    Type: "AWS::SSM::Parameter"
    Properties:
      Name: /${self:service}/IdentityPoolId/${self:provider.stage}
      Type: String
      Value: ${cf:garmin-log-client-svc-${self:provider.stage}.IdentityPoolId}

ssm.yml#L3
    Type : "AWS::SSM::Parameter"
    Properties:
      Name: "/${self:provider.stage}/formsli/app/name"
      Description : Application Name
      Value: formsli
      Type: String
ssm-parameters.yml#L111
    Type: AWS::SSM::Parameter
    Properties:
      Name: discourse-common-Customer
      Type: String
      Description: Name of customer or company
      Value: !Ref pDiscourseCommonCustomer
serverless-state.json#L667
            "Type": "AWS::SSM::Parameter",
            "Properties": {
              "Name": "/dev/formsli/app/name",
              "Description": "Application Name",
              "Value": "formsli",
              "Type": "String"
cloudformation-template-update-stack.json#L620
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Name": "/dev/formsli/app/name",
        "Description": "Application Name",
        "Value": "formsli",
        "Type": "String"
SSMTD.json#L233
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Name": {
          "Fn::Join": ["", ["/cmbp/", { "Ref": "Environment" }, "/server/port"]]
        },
        "Type": "String",
integ.parameter-arns.expected.json#L10
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Type": "String",
        "Value": "hello, world"
      }
    },
integ.parameter-arns.expected.json#L10
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Type": "String",
        "Value": "hello, world"
      }
    },

Parameters

Explanation in CloudFormation Registry

The AWS::SSM::Parameter resource creates an SSM parameter in AWS Systems Manager Parameter Store.

Important To create an SSM parameter, you must have the AWS Identity and Access Management (IAM) permissions ssm:PutParameter and ssm:AddTagsToResource. On stack creation, AWS CloudFormation adds the following three tags to the parameter: aws:cloudformation:stack-name, aws:cloudformation:logical-id, and aws:cloudformation:stack-id, in addition to any custom tags you specify. To add, update, or remove tags during stack update, you must have IAM permissions for both ssm:AddTagsToResource and ssm:RemoveTagsFromResource. For more information, see Managing Access Using Policies in the AWS Systems Manager User Guide.

For information about valid values for parameters, see Requirements and Constraints for Parameter Names in the AWS Systems Manager User Guide and PutParameter in the AWS Systems Manager API Reference.

Frequently asked questions

What is AWS Systems Manager Parameter?

AWS Systems Manager Parameter is a resource for Systems Manager of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Systems Manager Parameter?

For Terraform, the VJ-CCS-Tech-ops/cmpdevforcode, Crown-Commercial-Service/CMpDevEnvironment and tetsuzawa/recipesapi source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the sinofseven/sar-billing-report-to-slack, aws-samples/aws-vending-pipelines-workshop and zerotreedelta/garmin-log-client-svc source code examples are useful. See the CloudFormation Example section for further details.