Resource: awsSsmParameter
Provides an SSM Parameter resource.
\~> Note: overwrite
also makes it possible to overwrite an existing SSM Parameter that's not created by Terraform before.
Example Usage
Basic example
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ssmParameter.SsmParameter(this, "foo", {
name: "foo",
type: "String",
value: "bar",
});
Encrypted string using default SSM KMS key
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dbInstance.DbInstance(this, "default", {
allocatedStorage: 10,
dbSubnetGroupName: "my_database_subnet_group",
engine: "mysql",
engineVersion: "5.7.16",
instanceClass: "db.t2.micro",
name: "mydb",
parameterGroupName: "default.mysql5.7",
password: "${var.database_master_password}",
storageType: "gp2",
username: "foo",
});
new aws.ssmParameter.SsmParameter(this, "secret", {
description: "The parameter description",
name: "/production/database/password/master",
tags: {
environment: "production",
},
type: "SecureString",
value: "${var.database_master_password}",
});
\~> Note: The unencrypted value of a SecureString will be stored in the raw state as plain-text. Read more about sensitive data in state.
Argument Reference
The following arguments are required:
name
- (Required) Name of the parameter. If the name contains a path (e.g., any forward slashes (/
)), it must be fully qualified with a leading forward slash (/
). For additional requirements and constraints, see the AWS SSM User Guide.type
- (Required) Type of the parameter. Valid types arestring
,stringList
andsecureString
.
The following arguments are optional:
allowedPattern
- (Optional) Regular expression used to validate the parameter value.dataType
- (Optional) Data type of the parameter. Valid values:text
,aws:ssm:integration
andaws:ec2:image
for AMI format, see the Native parameter support for Amazon Machine Image IDs.description
- (Optional) Description of the parameter.insecureValue
- (Optional, exactly one ofvalue
orinsecureValue
is required) Value of the parameter. Use caution: This value is never marked as sensitive in the Terraform plan output. This argument is not valid with atype
ofsecureString
.keyId
- (Optional) KMS key ID or ARN for encrypting a SecureString.overwrite
- (Optional) Overwrite an existing parameter. If not specified, will default tofalse
if the resource has not been created by terraform to avoid overwrite of existing resource and will default totrue
otherwise (terraform lifecycle rules should then be used to manage the update behavior).tags
- (Optional) Map of tags to assign to the object. If configured with a providerdefaultTags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.tier
- (Optional) Parameter tier to assign to the parameter. If not specified, will use the default parameter tier for the region. Valid tiers arestandard
,advanced
, andintelligentTiering
. Downgrading anadvanced
tier parameter tostandard
will recreate the resource. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.value
- (Optional, exactly one ofvalue
orinsecureValue
is required) Value of the parameter. This value is always marked as sensitive in the Terraform plan output, regardless oftype
. In Terraform CLI version 0.15 and later, this may require additional configuration handling for certain scenarios. For more information, see the Terraform v0.15 Upgrade Guide.
\~> NOTE: aws:ssm:integration
data_type parameters must be of the type secureString
and the name must start with the prefix /d9D010874A3F49E0B0B4D568D7826553/ssm/integrations/webhook/
. See here for information on the usage of aws:ssm:integration
parameters.
Attributes Reference
In addition to all arguments above, the following attributes are exported:
arn
- ARN of the parameter.tagsAll
- Map of tags assigned to the resource, including those inherited from the providerdefaultTags
configuration block.version
- Version of the parameter.
Import
SSM Parameters can be imported using the parameterStoreName
, e.g.,