How to Create SSM Parameter using CloudFormation

Create SSM Parameter using CloudFormation
Sharing is Caring:

Dear Reader, Hope you are doing well 🙂 . In this post, I will help you create SSM parameter using CloudFormation. In addition to that, I will also share the permissions that are required to create an SSM parameter using CloudFormation.

You can also checkout my post on how to use ssm parameter in CloudFormation to understand how to use the created SSM parameter in CloudFormation.

Basically, You will need an AWS::SSM::Parameter resource which will create an SSM parameter in AWS Systems Manager Parameter Store.

What is Systems Manager Parameter Store?

  • SSM parameter store lets you store key value pairs that can be your application configuration data or environment variables, your database string or even passwords.
  • You can store those as plain text or encrypted
  • You can find detailed information about them here.

You may also like:

Things Needed to Create SSM Parameter using CloudFormation

As a beginner, I always faced issue in finding correct set of permissions and a minimal template to create a resource using CloudFormation. So, I will help you with both of them in this post.

However, if you want to know how to create a CloudFormation stack, please feel free to checkout below aws documentation.

Permissions:

If you are an admin user you can simply go ahead to the template section, save that and create SSM parameter.

However, if you are not an admin user or you are using a service linked role to create this ssm parameter, make sure you or your role have below permissions apart from cloudformation:* and iam:passrole .

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                ssm:PutParameter
		ssm:AddTagsToResource
            ],
            "Resource": [
                "*"
            ],
            "Effect": "Allow"
        }
    ]
}

Templates in YAML

Let’s look at the simplest template below which creates a parameter with name WebsiteBucket and value of parameter DevBucketName of type String.

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  DevBucketName:
    Type: String
    Default: dev-bucket

Resources:
  #Create Bucket name in SSM Parameter Store    
  BucketNameParamater:
    Type: AWS::SSM::Parameter
    Properties: 
      Description: WebsiteBucket S3 bucket
      Name: WebsiteBucket
      Type: String
      Value: !Ref DevBucketName

As you can see from above all the fields are self explanatory. I will still explain about type below.

As of now allowed value of Type are : String | StringList

In other words, you can have String and StringList for your single string parameter and multiple parameters respectively

Type: String

or 

Type: StringList

SecureString is not supported at the time I am writing this.

Additionally, You can use below template for storing list of string or StringList Type.

AWSTemplateFormatVersion: 2010-09-09
Parameters:
  Bucket1:
    Type: String
    Default: dev-bucket
  Bucket2:
    Type: String
    Default: test-bucket

Resources:
  #Create BucketNameList in SSM Parameter Store    
  BucketListParamater:
    Type: AWS::SSM::Parameter
    Properties: 
      Description: WebsiteBucket S3 bucket
      Name: BucketList
      Type: StringList
      Value: 
        Fn::Join:
          - ','
          - - Ref: Bucket1
            - Ref: Bucket2

Templates in JSON

String type parameter:

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "DevBucketName": {
            "Type": "String",
            "Default": "dev-bucket"
        }
    },
    "Resources": {
        "BucketNameParamater": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
                "Description": "WebsiteBucket S3 bucket",
                "Name": "WebsiteBucket",
                "Type": "String",
                "Value": {
                    "Ref": "DevBucketName"
                }
            }
        }
    }
}

StringList type parameter

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Parameters": {
        "Bucket1": {
            "Type": "String",
            "Default": "dev-bucket"
        },
        "Bucket2": {
            "Type": "String",
            "Default": "test-bucket"
        }
    },
    "Resources": {
        "BucketListParamater": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
                "Description": "WebsiteBucket S3 bucket",
                "Name": "BucketList",
                "Type": "StringList",
                "Value": {
                    "Fn::Join": [
                        ",",
                        [
                            {
                                "Ref": "Bucket1"
                            },
                            {
                                "Ref": "Bucket2"
                            }
                        ]
                    ]
                }
            }
        }
    }
}

Conclusion:

To sum up, we discussed how to create an SSM parameter using CloudFormation. We also discussed the permission required to do the same.

Apart from that, I shared the template to create SSM parameter in YML and JSON both for parameter type String and StringList.

If you find any issue while creating the ssm parameter, please leave a comment below. I would be happy to help.

Enjoyed the content?

Subscribe to our newsletter below to get awesome AWS learning materials delivered straight to your inbox.

Don’t forget to motivate me by-

Suggested Read:

Sharing is Caring:

3 thoughts on “How to Create SSM Parameter using CloudFormation”

  1. Hi
    Wen I use this template it tells that atleast one resource must be mentioned. What any be done for it?

    1. Hi Nikita, Thank you for your comment.

      I have updated the template and tested on my side. Now the template works fine. Please use the updated template. And let me know if you still face the issue

Leave a Reply

Your email address will not be published. Required fields are marked *