Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[SSM] How to always get latest version of Secure String in Parameter Store

See original GitHub issue

❓ General Issue

The Question

My team will automatically update SecureString in ParameterStore via CLI, but in CDK, I couldn’t / find any way to get around Cloudformation limitation, or workaround (just work) method to always force get the latest version while using DBInstance.


  • CDK CLI Version: 1.59.0
  • Module Version: 1.59.0
  • Node.js Version: 14.8.0
  • OS: OSX Catalina
  • Language (Version): TypeScript (3.9.7)

Other information

Sample code:

const sqlInstance = new DatabaseInstance(this, `Sql-${opt.stage}`, {
      engine: DatabaseInstanceEngine.POSTGRES,
      instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.SMALL),
      masterUsername: SQL_USER_NAME,
      masterUserPassword: ssm.StringParameter.valueForSecureStringParameter(this, "${opt.stage}/SQL_PASSWORD", 
"<Hope I can always get latest version number....>"),

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:13 (3 by maintainers)

github_iconTop GitHub Comments

spyoungtechcommented, Jun 15, 2021

It would be nice if the version were not required to use a secure string parameter with the Secret construct because it’s not required for the cloudformation definition.

fengkaijiacommented, Feb 27, 2021

Can we reopen this so that the AWS team knows currently there’s only a workaround but no solution yet?

Read more comments on GitHub >

github_iconTop Results From Across the Web

Get a value from the Systems Manager Parameter Store
Only plain Systems Manager strings may be retrieved, not secure strings. It is not possible to request a specific version; the latest version...
Read more >
A complete guide to using the AWS Parameter Store
Complete guide to the AWS Systems Manager Parameter Store including parameter types, encrypted parameters, roles, awscli commands, boto3.
Read more >
SSM Parameter Store for keeping secrets in a structured way
AWS Systems Manager Parameter Store (SSM) provides you with a secure way to store config variables for your applications. You can access SSM...
Read more >
AWS Systems Manager Parameter Store Tutorial - YouTube
Learn how to use the AWS SSM Parameter Store to secure storage!If you want to learn more: ...
Read more >
get-parameter — AWS CLI 2.9.9 Command Reference
To query by parameter version, use "Name": "name:version" . --with-decryption | --no-with-decryption (boolean). Return decrypted values for secure string ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found