How To Create Parameter Store In AWS SSM
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we have discussed AWS SSM Session Manager and how to connect to an AWS EC2 instance without a key pair using SSM Session Manager.
https://cloudaffaire.com/how-to-connect-to-an-aws-ec2-instance-without-key-pair/
In this blog post, we will discuss how to create a parameter store in AWS Systems Manager (SSM).
What Is Parameter Store:
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data.
What Is Parameter In Parameter Store:
A Parameter Store parameter is any piece of data that is saved in Parameter Store, such as a block of text, a list of names, a password, an Amazon Machine Image (AMI) ID, a license key, and so on. You can centrally and securely reference this data in your scripts, commands, and SSM documents. Parameter Store provides support for three types of parameters:
- String: String parameters consist of any block of text you enter, for example aws or gcp.
- StringList: StringList parameters contain a comma-separated list of values, for example aws,azure,gcp.
- SecureString: SecureString parameters hold any sensitive data that needs to be stored and referenced in a secure manner, for example passwords or license keys.
Parameter Naming Convention And Restrictions:
- Case sensitivity: Parameter names are case sensitive.
- Spaces: Parameter names can’t include spaces.
- Valid characters: Parameter names can consist of the following symbols and letters only: a-zA-Z0-9_.-/
- Valid AMI format: When you choose aws:ec2:image as the data type for a String parameter, the ID you enter must validate for the AMI ID format ami-12345abcdeEXAMPLE.
- Fully qualified: When you create or reference a parameter in a hierarchy, you must include a leading forward slash character (/). When you reference a parameter that is part of a hierarchy, you must specify the entire hierarchy path including the initial slash (/).
- Length: The maximum length for a parameter name, including the full content of the parameter Amazon Resource Name (ARN), is 1011 characters.
- Prefixes: A parameter name cannot be prefixed with “aws” or “ssm” (case-insensitive).
- Uniqueness: A parameter name must be unique within an AWS Region.
- Hierarchy depth: If you specify a parameter hierarchy, the hierarchy can have a maximum depth of fifteen levels.
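The rules above can be checked locally before a name ever reaches put-parameter. The following is an added example, not code from the original post: the function name validate_param_name, the default Region and account ID used to build the ARN, and the way depth and the reserved prefix are counted are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check of a Parameter
# Store name against the naming rules listed above.
# Prints "ok" or the first violated rule; returns 0 only for valid names.
validate_param_name() {
    local name region account stripped lower levels arn
    name=$1
    region=${2:-us-east-1}          # placeholder Region (assumption)
    account=${3:-123456789012}      # placeholder account ID (assumption)

    [ -n "$name" ] || { echo "empty name"; return 1; }

    # Spaces and valid characters: only a-zA-Z0-9_.-/ are allowed.
    case $name in
        *[!a-zA-Z0-9_./-]*) echo "invalid character"; return 1 ;;
    esac

    # Fully qualified: a hierarchy (any "/") needs a leading "/".
    case $name in
        /*) ;;
        */*) echo "hierarchy needs leading slash"; return 1 ;;
    esac

    # Prefixes: "aws" / "ssm" are reserved, case-insensitive. The check is
    # applied after the leading slash too (this example's interpretation).
    stripped=${name#/}
    lower=$(printf '%s' "$stripped" | tr 'A-Z' 'a-z')
    case $lower in
        aws*|ssm*) echo "reserved prefix"; return 1 ;;
    esac

    # Hierarchy depth: at most 15 levels, counting the final name as a level
    # (this example's interpretation of the rule).
    levels=$(printf '%s' "$stripped" | tr -cd '/' | wc -c)
    levels=$((levels + 1))
    [ "$levels" -le 15 ] || { echo "too deep: $levels levels"; return 1; }

    # Length: the limit covers the whole ARN, not only the name.
    arn="arn:aws:ssm:${region}:${account}:parameter/${stripped}"
    [ "${#arn}" -le 1011 ] || { echo "ARN too long: ${#arn}"; return 1; }

    echo "ok"
}
```
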
Features Of Parameter Store:
- Secure And Hierarchical Storage: You can store configuration data or secrets in Parameter Store.
- Free: You can use the standard tier of Parameter Store without any additional cost.
- Change notification: You can set up notifications or trigger actions based on Parameter Store events.
- Organize and control access: You can tag your parameters individually to help you quickly identify one or more parameters based on the tags you’ve assigned to them.
- Label versions: You can associate an alias for versions of your parameter by creating labels that can help you remember the purpose of a parameter version when there are multiple versions.
- Data validation: You can create parameters that point to an Amazon EC2 instance and Parameter Store will validate these parameters to ensure that it references the expected resource type, that the resource exists, and that the customer has permission to use the resource.
- Reference secrets: Parameter Store is integrated with AWS Secrets Manager so that you can retrieve Secrets Manager secrets.
- Accessible from other AWS services: You can use Parameter Store parameters with other Systems Manager capabilities and AWS services to retrieve secrets and configuration data from a central store.
How To Create Parameter Store In AWS SSM
Requirements:
AWS CLI installed and configured. You can follow the blog posts below to install and configure AWS CLI.
https://cloudaffaire.com/how-to-install-aws-cli/
https://cloudaffaire.com/how-to-configure-aws-cli/
Step 1: Create new parameters of different types in SSM Parameter Store.
```
##############################################
## How To Create Parameter Store In AWS SSM ##
##############################################

## If you are executing the AWS CLI command from Shell, replace ^ by \
## If you are executing the AWS CLI command from PowerShell, replace ^ by `

## Create two new parameters of type string
aws ssm put-parameter ^
  --name "/mypstore/string_type/username" ^
  --value "debjeet" ^
  --type String ^
  --tags "Key=env,Value=dev"

aws ssm put-parameter ^
  --name "/mypstore/string_type/website" ^
  --value "cloudaffaire.com" ^
  --type String ^
  --tags "Key=env,Value=dev"

## Create a new parameter of type string list
aws ssm put-parameter ^
  --name "/mypstore/string_list/technologies" ^
  --value "aws,azure,gcp" ^
  --type StringList ^
  --tags "Key=env,Value=dev"

## Create a new parameter of type secure string
## No --key-id is given, so the value is encrypted with the default AWS managed key for SSM
## Single quotes stop Shell and PowerShell from expanding $$ in the value
## A value passed with --value is recorded in the shell history, so use a throwaway value here
aws ssm put-parameter ^
  --name "/mypstore/secure_string/password" ^
  --value 'Pa$$w0rd' ^
  --type "SecureString" ^
  --tags "Key=env,Value=dev"
```
Step 2: List all available parameters in a single AWS region.
```
## List all parameters
aws ssm describe-parameters
```
Step 3: Get parameter details.
```
## Get parameter value by path
aws ssm get-parameters-by-path ^
  --path "/mypstore/string_type/"

## Get a single parameter by name
aws ssm get-parameter ^
  --name "/mypstore/string_type/username"

## Get multiple parameters by name
aws ssm get-parameters ^
  --names "/mypstore/string_type/username" "/mypstore/secure_string/password"

## Get decrypted parameter values for secure string type
aws ssm get-parameters ^
  --names "/mypstore/string_type/username" "/mypstore/secure_string/password" ^
  --with-decryption
```
Step 4: Update an existing parameter value.
```
## Update a parameter
aws ssm put-parameter ^
  --name "/mypstore/string_type/username" ^
  --value "chandrima" ^
  --type String ^
  --overwrite

## Observe parameter version has been changed to version 2
```
Step 5: Create a version label for your changed parameters.
```
## You can also create a label for all the versions
aws ssm label-parameter-version ^
  --name "/mypstore/string_type/username" ^
  --parameter-version "1" ^
  --labels "InitialNameDebjeet"

aws ssm label-parameter-version ^
  --name "/mypstore/string_type/username" ^
  --parameter-version "2" ^
  --labels "changed_name_chandrima"
```
Step 6: Get version change history for a parameter.
```
## Get the version change history details
aws ssm get-parameter-history ^
  --name "/mypstore/string_type/username"
```
Step 7: Cleanup.
```
## Delete parameters
aws ssm delete-parameter ^
  --name "/mypstore/string_type/username"

aws ssm delete-parameter ^
  --name "/mypstore/string_type/website"

aws ssm delete-parameter ^
  --name "/mypstore/string_list/technologies"

aws ssm delete-parameter ^
  --name "/mypstore/secure_string/password"
```
Hope you have enjoyed this blog post. To get more details on AWS SSM, please refer to the AWS documentation below.
https://docs.aws.amazon.com/systems-manager/index.html