docs(README): repo mirrors added
docs(README): sr.ht build badge added
build(sr.ht): manifest with mirror task
A custom resource for CloudFormation to interact with SecureString values from AWS SSM Parameter Store. I came up with that while creating and managing AWS infrastructure for some of my side-projects.
I use the following Cfn snippet to create an entry in AWS SSM Parameter Store, encrypted with an AWS KMS key. The different values coming from Parameters or other resources from my CloudFormation Stack.
ServiceToken
is the arn
of the custom resource Lambda function that will be triggered.
The rest should be self-explaining, Name
, Value
and Description
will be added to the Parameter Store entry.
KmsKeyId
is the arn
of the AWS KMS key you want to use to encrypt the the entry.
IAMUserIACOpenTofuAccessKeyParameterStore:
Type: AWS::CloudFormation::CustomResource
Properties:
ServiceToken: !Sub arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:${CustomResourceLambdaName}
Name: !Ref ParameterNameForAccessKey
Value: !Ref IAMUserIACOpenTofuAccessKey
Description: !Sub "The access key for IAM User ${IAMUserIACOpenTofu}"
KmsKeyId: !ImportValue
'Fn::Sub': ${KMSStackName}-KMSKeyBackendEncryptionArn
Tags:
- Key: "Environment"
Value: "Production"
- Key: "Usage"
Value: "IAC-OpenTofu"
The primary location is: https://git.sr.ht/~wombelix/cfn-custom-resource-aws-ssm-securestring
Mirrors of the repository are available on Codeberg, Gitlab and Github.
Please don't hesitate to provide Feedback, open an Issue or create a Pull / Merge Request.
Just pick the workflow or platform you prefer and are most comfortable with.
Feedback, bug reports or patches to my sr.ht list ~wombelix/inbox@lists.sr.ht or via Email and Instant Messaging are also always welcome.
Unless otherwise stated: MIT
All files contain license information either as header comment
or corresponding .license
file.
REUSE from the FSFE implemented to verify license and copyright compliance.