Skip to main content

parameters

Creates, updates, deletes or gets a parameter resource or lists parameters in a region

Overview

Nameparameters
TypeResource
Description
The AWS::SSM::Parameter resource creates an SSM parameter in SYSlong Parameter Store.To create an SSM parameter, you must have the IAMlong (IAM) permissions ssm:PutParameter and ssm:AddTagsToResource. On stack creation, CFNlong adds the following three tags to the parameter: aws:cloudformation:stack-name, aws:cloudformation:logical-id, and aws:cloudformation:stack-id, in addition to any custom tags you specify.
To add, update, or remove tags during stack update, you must have IAM permissions for both ssm:AddTagsToResource and ssm:RemoveTagsFromResource. For more information, see Managing access using policies in the User Guide.
For information about valid values for parameters, see About requirements and constraints for parameter names in the User Guide and PutParameter in the API Reference.
Idawscc.ssm.parameters

Fields

NameDatatypeDescription
typestring
The type of parameter.Parameters of type SecureString are not supported by CFNlong.
valuestring
The parameter value.If type is StringList, the system returns a comma-separated string with no spaces between commas in the Value field.
descriptionstringInformation about the parameter.
policiesstring
Information about the policies assigned to a parameter.Assigning parameter policies in the User Guide.
allowed_patternstringA regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$
tierstringThe parameter tier.
tagsobjectOptional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a SYS parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter.
data_typestringThe data type of the parameter, such as text or aws:ec2:image. The default is text.
namestring
The name of the parameter.The reported maximum length of 2048 characters for a parameter name includes 1037 characters that are reserved for internal use by SYS. The maximum length for a parameter name that you specify is 1011 characters.
This count of 1011 characters includes the characters in the ARN that precede the name you specify. This ARN length will vary depending on your partition and Region. For example, the following 45 characters count toward the 1011 character maximum for a parameter created in the US East (Ohio) Region: arn:aws:ssm:us-east-2:111122223333:parameter/.
regionstringAWS region.

For more information, see AWS::SSM::Parameter.

Methods

NameResourceAccessible byRequired Params
create_resourceparametersINSERTValue, Type, region
delete_resourceparametersDELETEIdentifier, region
update_resourceparametersUPDATEIdentifier, PatchDocument, region
list_resourcesparameters_list_onlySELECTregion
get_resourceparametersSELECTIdentifier, region

SELECT examples

Gets all properties from an individual parameter.

SELECT
  region,
  type,
  value,
  description,
  policies,
  allowed_pattern,
  tier,
  tags,
  data_type,
  name
FROM awscc.ssm.parameters
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ name }}';

INSERT example

Use the following StackQL query and manifest file to create a new parameter resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.ssm.parameters (
  Type,
  Value,
  region
)
SELECT
  '{{ type }}',
  '{{ value }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a parameter resource, using stack-deploy.

/*+ update */
UPDATE awscc.ssm.parameters
SET PatchDocument = string('{{ {
    "Type": type,
    "Value": value,
    "Description": description,
    "Policies": policies,
    "AllowedPattern": allowed_pattern,
    "Tier": tier,
    "Tags": tags,
    "DataType": data_type
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ name }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.ssm.parameters
WHERE
  Identifier = '{{ name }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

ParameterDescription
ClientToken
A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.
A client token is valid for 36 hours once used.
After that, a resource request with the same client token is treated as a new request.
If you do not specify a client token, one is generated for inclusion in the request.
RoleArn
The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.
If you do not specify a role, a temporary session is created using your AWS user credentials.
TypeVersionId
For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used.

Permissions

To operate on the parameters resource, the following permissions are required:

ssm:PutParameter,
ssm:AddTagsToResource,
ssm:GetParameters