How to Create SSM Parameter using CloudFormation
Dear Reader, Hope you are doing well :). In this post, I will help you create SSM parameter using CloudFormation. In addition to that, I will also share the permissions that are required to create an SSM parameter using CloudFormation.
You can also check out my post on how to use ssm parameter in CloudFormation to understand how to use the created SSM parameter in CloudFormation.
Basically, You will need a AWS::SSM::Parameter resource which will create an SSM parameter in AWS Systems Manager Parameter Store.
What is a Systems Manager Parameter Store?
- SSM parameter store lets you store key-value pairs that can be your application configuration data or environment variables, your database string or even passwords.
- You can store those as plain text or encrypted
- You can find detailed information about them here.
You may also like:
- Create S3 bucket using CloudFormation
- Create DynamoDB table using CloudFormation
- Create API Gateway Custom Domain using CloudFormation
- Provision ACM certificate using CloudFormation
Things Needed to Create SSM Parameter using CloudFormation
As a beginner, I always faced issues in finding the correct set of permissions and a minimal template to create a resource using CloudFormation. So, I will help you with both of them in this post.
However, if you want to know how to create a CloudFormation stack, please feel free to check these articles out.
Permissions:
If you are an admin user you can simply go ahead to the template section, save that and create an SSM parameter.
However, if you are not an admin user or you are using a service-linked role to create this SSM parameter, make sure you or your role have the below permissions apart from cloudformation:* and iam:passrole .
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
ssm:PutParameter
ssm:AddTagsToResource
],
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}Template Example to Create SSM Parameter using CloudFormation in YAML
Let’s look at the simplest template below which creates a parameter with the name WebsiteBucket and the value of the parameter DevBucketName of type String.
AWSTemplateFormatVersion: 2010-09-09
Parameters:
DevBucketName:
Type: String
Default: dev-bucket
Resources:
#Create Bucket name in SSM Parameter Store
BucketNameParamater:
Type: AWS::SSM::Parameter
Properties:
Description: WebsiteBucket S3 bucket
Name: WebsiteBucket
Type: String
Value: !Ref DevBucketNameAs you can see from above all the fields are self-explanatory. I will still explain about type below.
As of now allowed values of Type are: String | StringList
In other words, you can have String and StringList for your single string parameter and multiple parameters respectively
Type: String
or
Type: StringListSecureString is not supported at the time I am writing this.
Additionally, You can use the below template for storing a list of strings or StringList Type.
AWSTemplateFormatVersion: 2010-09-09
Parameters:
Bucket1:
Type: String
Default: dev-bucket
Bucket2:
Type: String
Default: test-bucket
Resources:
#Create BucketNameList in SSM Parameter Store
BucketListParamater:
Type: AWS::SSM::Parameter
Properties:
Description: WebsiteBucket S3 bucket
Name: BucketList
Type: StringList
Value:
Fn::Join:
- ','
- - Ref: Bucket1
- Ref: Bucket2Template Example to Create SSM Parameter using CloudFormation in JSON
Once you have the template in YAML or JSON, you can convert it to JSON or YAML. I have got you covered here: Convert a CloudFormation Template from YAML to JSON and Vice Versa
String type parameter:
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"DevBucketName": {
"Type": "String",
"Default": "dev-bucket"
}
},
"Resources": {
"BucketNameParamater": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Description": "WebsiteBucket S3 bucket",
"Name": "WebsiteBucket",
"Type": "String",
"Value": {
"Ref": "DevBucketName"
}
}
}
}
}StringList type parameter
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters": {
"Bucket1": {
"Type": "String",
"Default": "dev-bucket"
},
"Bucket2": {
"Type": "String",
"Default": "test-bucket"
}
},
"Resources": {
"BucketListParamater": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Description": "WebsiteBucket S3 bucket",
"Name": "BucketList",
"Type": "StringList",
"Value": {
"Fn::Join": [
",",
[
{
"Ref": "Bucket1"
},
{
"Ref": "Bucket2"
}
]
]
}
}
}
}
}Conclusion:
To sum up, we discussed how to create an SSM parameter using CloudFormation. We also discussed the permission required to do the same.
You can also check out my post on how to deploy a CloudFormation template to AWS using AWS CLI.
Apart from that, I shared the template to create SSM parameters in YML and JSON both for parameter type String and StringList.
If you find any issues while creating the SSM parameter, please leave a comment below. I would be happy to help.
Enjoyed the content?
Subscribe to our newsletter below to get awesome AWS learning materials delivered straight to your inbox.
Don’t forget to motivate me by-
- Adding a comment below on what you liked and what can be improved.
- Follow us on
- Share this post with your friends
Suggested Read:
- AWS Serverless Application Model(SAM): All You Need to Know
- Serverless Services on S3: Complete List With Explanation
- How to Create an EC2 Instance in an existing VPC using CloudFormation
- Attach an IAM Role to an EC2 Instance using CloudFormation
- Automated Deployment of a react App from CodeCommit to S3
- Basics Of Cyber Security for Beginners
- Most common cyber attacks in 2020
- This is why S3 bucket names are unique globally
- Things You Should Know about AWS SQS Dead Letter Queue
- Basics of Serverless Computing
- Hello and Welcome to CloudKatha(First Post)
3 thoughts on “How to Create SSM Parameter using CloudFormation”
Hi
Wen I use this template it tells that atleast one resource must be mentioned. What any be done for it?
Hi Nikita, Thank you for your comment.
I have updated the template and tested on my side. Now the template works fine. Please use the updated template. And let me know if you still face the issue