~wombelix/cfn-custom-resource-aws-ssm-securestring

A custom resource for CloudFormation to interact with SecureString values from AWS SSM Parameter Store
docs(README): repo mirrors added
docs(README): sr.ht build badge added
build(sr.ht): manifest with mirror task

refs

main
browse  log 

clone

read-only
https://git.sr.ht/~wombelix/cfn-custom-resource-aws-ssm-securestring
read/write
git@git.sr.ht:~wombelix/cfn-custom-resource-aws-ssm-securestring

You can also use your local clone with git send-email.

#CloudFormation Custom Resource AWS SSM Parameter Store SecureString

A custom resource for CloudFormation to interact with SecureString values from AWS SSM Parameter Store. I came up with that while creating and managing AWS infrastructure for some of my side-projects.

REUSE status builds.sr.ht status

#Table of Contents

#Example

I use the following Cfn snippet to create an entry in AWS SSM Parameter Store, encrypted with an AWS KMS key. The different values coming from Parameters or other resources from my CloudFormation Stack.

ServiceToken is the arn of the custom resource Lambda function that will be triggered.

The rest should be self-explaining, Name, Value and Description will be added to the Parameter Store entry. KmsKeyId is the arn of the AWS KMS key you want to use to encrypt the the entry.

  IAMUserIACOpenTofuAccessKeyParameterStore:
    Type: AWS::CloudFormation::CustomResource
    Properties:
      ServiceToken: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${CustomResourceLambdaName}
      Name: !Ref ParameterNameForAccessKey
      Value: !Ref IAMUserIACOpenTofuAccessKey
      Description: !Sub "The access key for IAM User ${IAMUserIACOpenTofu}"
      KmsKeyId: !ImportValue
                  'Fn::Sub': ${KMSStackName}-KMSKeyBackendEncryptionArn
      Tags: 
        - Key: "Environment"
          Value: "Production"
        - Key: "Usage"
          Value: "IAC-OpenTofu"

#Source

The primary location is: https://git.sr.ht/~wombelix/cfn-custom-resource-aws-ssm-securestring

Mirrors of the repository are available on Codeberg, Gitlab and Github.

#Contribute

Please don't hesitate to provide Feedback, open an Issue or create a Pull / Merge Request.

Just pick the workflow or platform you prefer and are most comfortable with.

Feedback, bug reports or patches to my sr.ht list ~wombelix/inbox@lists.sr.ht or via Email and Instant Messaging are also always welcome.

#License

Unless otherwise stated: MIT

All files contain license information either as header comment or corresponding .license file.

REUSE from the FSFE implemented to verify license and copyright compliance.