[SSM] How to always get latest version of Secure String in Parameter Store
❓ General Issue
The Question
My team will automatically update the SecureString in Parameter Store via the CLI, but in CDK I couldn’t find any way to get around the CloudFormation limitation, or a workaround (that just works) to always force getting the latest version while using DBInstance.
Environment
- CDK CLI Version: 1.59.0
- Module Version: 1.59.0
- Node.js Version: 14.8.0
- OS: OSX Catalina
- Language (Version): TypeScript (3.9.7)
Other information
Sample code:
    const sqlInstance = new DatabaseInstance(this, `Sql-${opt.stage}`, {
      engine: DatabaseInstanceEngine.POSTGRES,
      instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
      masterUsername: SQL_USER_NAME,
      masterUserPassword: ssm.StringParameter.valueForSecureStringParameter(this, `${opt.stage}/SQL_PASSWORD`,
        "<Hope I can always get latest version number....>"),
    })
Issue Analytics
- State:
- Created 3 years ago
- Comments:13 (3 by maintainers)
Top GitHub Comments
It would be nice if the version were not required to use a secure string parameter with the Secret construct because it’s not required for the CloudFormation definition.
Can we reopen this so that the AWS team knows currently there’s only a workaround but no solution yet?