Skip to content

Sceptre/sceptre-ssm-resolver

Repository files navigation

Overview

The purpose of this resolver is to retrieve values from the AWS SSM.

Install

pip install sceptre-ssm-resolver

Available Resolvers

ssm

Fetches the value stored in AWS SSM Parameter Store.

Note: Sceptre must be run with a user or role that has access to the parameter store

Syntax:

parameter|sceptre_user_data:
  <name>: !ssm /prefix/param
parameter|sceptre_user_data:
  <name>: !ssm
    name: /prefix/param
    region: us-east-1
    profile: OtherAccount
parameter|sceptre_user_data:
  <name>: !ssm {"name": "/prefix/param", "region": "us-east-1", "profile": "OtherAccount"}

Parameters

  • name - SSM key name, mandatory
  • region - SSM key region, optional, stack region by default
  • profile - SSM key's account profile , optional, stack profile by default

Example:

Add a secure string to the SSM parameter store

aws ssm put-parameter --name /dev/DbPassword --value "mysecret" \
--key-id alias/dev/kmskey --type "SecureString"

Retrieve and decrypt SSM parameter from the same account that the stack is being deployed to:

parameters:
  database_password: !ssm /dev/DbPassword

Retrieve and decrypt SSM parameter from another AWS account:

parameters:
  database_password: !ssm
    name: /dev/DbPassword
    profile: OtherAccount