@aws-cdk/aws-ssm module
This page is available in another version. Click here for the v2 documentation.
| Language | Package |
|---|---|
 .NET | Amazon.CDK.AWS.SSM |
 Java | software.amazon.awscdk.services.ssm |
 Python | aws_cdk.aws_ssm |
 TypeScript | @aws-cdk/aws-ssm |
AWS Systems Manager Construct Library
AWS CDK v1 has reached End-of-Support on 2023-06-01. This package is no longer being updated, and users should migrate to AWS CDK v2.
For more information on how to migrate, see the Migrating to AWS CDK v2 guide.
This module is part of the AWS Cloud Development Kit project.
Installation
Install the module:
$ npm i @aws-cdk/aws-ssm
Import it into your code:
import * as ssm from '@aws-cdk/aws-ssm';
Using existing SSM Parameters in your CDK app
You can reference existing SSM Parameter Store values that you want to use in
your CDK app by using ssm.StringParameter.fromStringParameterAttributes:
// Retrieve the latest value of the non-secret parameter
// with name "/My/String/Parameter".
const stringValue = ssm.StringParameter.fromStringParameterAttributes(this, 'MyValue', {
parameterName: '/My/Public/Parameter',
// 'version' can be specified but is optional.
}).stringValue;
const stringValueVersionFromToken = ssm.StringParameter.fromStringParameterAttributes(this, 'MyValueVersionFromToken', {
parameterName: '/My/Public/Parameter',
// parameter version from token
version: parameterVersion,
}).stringValue;
// Retrieve a specific version of the secret (SecureString) parameter.
// 'version' is always required.
const secretValue = ssm.StringParameter.fromSecureStringParameterAttributes(this, 'MySecureValue', {
parameterName: '/My/Secret/Parameter',
version: 5,
});
const secretValueVersionFromToken = ssm.StringParameter.fromSecureStringParameterAttributes(this, 'MySecureValueVersionFromToken', {
parameterName: '/My/Secret/Parameter',
// parameter version from token
version: parameterVersion,
});
Creating new SSM Parameters in your CDK app
You can create either ssm.StringParameter or ssm.StringListParameters in
a CDK app. These are public (not secret) values. Parameters of type
SecureString cannot be created directly from a CDK application; if you want
to provision secrets automatically, use Secrets Manager Secrets (see the
@aws-cdk/aws-secretsmanager package).
new ssm.StringParameter(this, 'Parameter', {
allowedPattern: '.*',
description: 'The value Foo',
parameterName: 'FooParameter',
stringValue: 'Foo',
tier: ssm.ParameterTier.ADVANCED,
});
// Create a new SSM Parameter holding a String
const param = new ssm.StringParameter(stack, 'StringParameter', {
// description: 'Some user-friendly description',
// name: 'ParameterName',
stringValue: 'Initial parameter value',
// allowedPattern: '.*',
});
// Grant read access to some Role
param.grantRead(role);
// Create a new SSM Parameter holding a StringList
const listParameter = new ssm.StringListParameter(stack, 'StringListParameter', {
// description: 'Some user-friendly description',
// name: 'ParameterName',
stringListValue: ['Initial parameter value A', 'Initial parameter value B'],
// allowedPattern: '.*',
});
When specifying an allowedPattern, the values provided as string literals
are validated against the pattern and an exception is raised if a value
provided does not comply.