AWS::SSM::Parameter
The AWS::SSM::Parameter
resource creates an SSM parameter in AWS Systems Manager Parameter Store.
Important
To create an SSM parameter, you must have the AWS Identity and Access Management (IAM)
permissions ssm:PutParameter
and ssm:AddTagsToResource
. On stack
creation, AWS CloudFormation adds the following three tags to the parameter:
aws:cloudformation:stack-name
, aws:cloudformation:logical-id
,
and aws:cloudformation:stack-id
, in addition to any custom tags you
specify.
To add, update, or remove tags during stack update, you must have IAM permissions for
both ssm:AddTagsToResource
and ssm:RemoveTagsFromResource
. For
more information, see Managing
Access Using Policies in the
AWS Systems Manager User Guide.
For information about valid values for parameters, see About requirements and constraints for parameter names in the AWS Systems Manager User Guide and PutParameter in the AWS Systems Manager API Reference.
Note
Parameters of type SecureString
are not supported by AWS CloudFormation.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::SSM::Parameter", "Properties" : { "AllowedPattern" :
String
, "DataType" :String
, "Description" :String
, "Name" :String
, "Policies" :String
, "Tags" :{
, "Tier" :Key
:Value
, ...}String
, "Type" :String
, "Value" :String
} }
YAML
Type: AWS::SSM::Parameter Properties: AllowedPattern:
String
DataType:String
Description:String
Name:String
Policies:String
Tags:Tier:
Key
:Value
String
Type:String
Value:String
Properties
AllowedPattern
-
A regular expression used to validate the parameter value. For example, for
String
types with values restricted to numbers, you can specify the following:AllowedPattern=^\d+$
Required: No
Type: String
Minimum:
0
Maximum:
1024
Update requires: No interruption
DataType
-
The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
.Required: No
Type: String
Allowed values:
text | aws:ec2:image
Update requires: No interruption
Description
-
Information about the parameter.
Required: No
Type: String
Minimum:
0
Maximum:
1024
Update requires: No interruption
Name
-
The name of the parameter.
Note
The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter Amazon Resource Name (ARN), is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters:
arn:aws:ssm:us-east-2:111222333444:parameter/ExampleParameterName
Required: No
Type: String
Minimum:
1
Maximum:
2048
Update requires: Replacement
Policies
-
Information about the policies assigned to a parameter.
Assigning parameter policies in the AWS Systems Manager User Guide.
Required: No
Type: String
Update requires: No interruption
-
Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter.
Required: No
Type: Object of String
Pattern:
^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$
Update requires: No interruption
Tier
-
The parameter tier.
Required: No
Type: String
Allowed values:
Standard | Advanced | Intelligent-Tiering
Update requires: No interruption
Type
-
The type of parameter.
Note
Parameters of type
SecureString
are not supported by AWS CloudFormation.Required: Yes
Type: String
Allowed values:
String | StringList
Update requires: No interruption
Value
-
The parameter value.
Note
If type is
StringList
, the system returns a comma-separated string with no spaces between commas in theValue
field.Required: Yes
Type: String
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the name of the SSM parameter. For example,
ssm-myparameter-ABCNPH3XCAO6
.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
Type
-
Returns the type of the parameter. Valid values are
String
orStringList
. Value
-
Returns the value of the parameter.
Examples
Create a String-type parameter
The following example creates a Systems Manager parameter named command with a
String
type and adds the tag key-value pair "Environment":"Dev"
.
JSON
{ "Resources": { "BasicParameter": { "Type": "AWS::SSM::Parameter", "Properties": { "Name": "command", "Type": "String", "Value": "date", "Description": "SSM Parameter for running date command.", "AllowedPattern": "^[a-zA-Z]{1,10}$", "Tags": { "Environment": "DEV" } } } } }
YAML
--- Resources: BasicParameter: Type: AWS::SSM::Parameter Properties: Name: command Type: String Value: date Description: SSM Parameter for running date command. AllowedPattern: "^[a-zA-Z]{1,10}$" Tags: Environment: DEV
Create a StringList-type parameter
The following example creates a Systems Manager parameter named commands with a
StringList
type.
JSON
{ "Resources": { "BasicParameter": { "Type": "AWS::SSM::Parameter", "Properties": { "Name": "commands", "Type": "StringList", "Value": "date,ls", "Description": "SSM Parameter of type StringList.", "AllowedPattern": "^[a-zA-Z]{1,10}$" } } } }
YAML
--- Resources: BasicParameter: Type: AWS::SSM::Parameter Properties: Name: commands Type: StringList Value: date,ls Description: SSM parameter of type StringList. AllowedPattern: "^[a-zA-Z]{1,10}$"
Create an advanced tier parameter and assign a policy
The following example creates a Systems Manager advanced tier parameter named 'command'
with a String
type and a parameter policy.
JSON
{ "Resources": { "BasicParameter": { "Type": "AWS::SSM::Parameter", "Properties": { "Name": "command", "Type": "String", "Value": "date", "Tier": "Advanced", "Policies": "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-05-13T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]", "Description": "SSM Parameter for running date command.", "AllowedPattern": "^[a-zA-Z]{1,10}$", "Tags": { "Environment": "DEV" } } } } }
YAML
--- Resources: BasicParameter: Type: AWS::SSM::Parameter Properties: Name: command Type: String Value: date Tier: Advanced Policies: '[{"Type":"Expiration","Version":"1.0","Attributes":{"Timestamp":"2020-05-13T00:00:00.000Z"}},{"Type":"ExpirationNotification","Version":"1.0","Attributes":{"Before":"5","Unit":"Days"}},{"Type":"NoChangeNotification","Version":"1.0","Attributes":{"After":"60","Unit":"Days"}}]' Description: SSM parameter for running date command. AllowedPattern: "^[a-zA-Z]{1,10}$" Tags: Environment: DEV