AWS SSM Parameters Store

Question

Is there anyway to just nuke / remove all items in AWS Parameters Store?

All the command line I found are to remove it either one by one or remove it given a list of names.

I also tried using

aws ssm delete-parameters --cli-input-json test.json

with test.json file looks like this

{
    "Names": [
        "test1",
        "test2"
    ]
}

still does not work..

Ideally if I can use --query and use it as is, that'd be great.

I'm using --query like so

aws ssm get-parameters-by-path --path / --max-items 2 --query 'Parameters[*].[Name]'

score 6 · Answer 1 · answered Mar 21 '20 at 17:40

When you need to delete all parameters by path in AWS Systems Manager Parameter Store and there are more than 10 parameters you have to deal with pagination. Otherwise, an the command will fail with the error:

An error occurred (ValidationException) when calling the DeleteParameters operation: 1 validation error detected: Value '[/config/application/prop1, ...]' at 'names' failed to satisfy constraint: Member must have length less than or equal to 10

The following Bash script using AWS CLI pagination options deletes any number of parameters from AWS SSM Parameter Store by path:

#!/bin/bash

path=/config/application_dev/

while : ; do
  aws ssm delete-parameters --names $(aws ssm get-parameters-by-path --path "$path" --query "Parameters[*].Name" --output text --max-items 10 $starting_token | grep -v None)
  next_token=$(aws ssm get-parameters-by-path --path "$path" --query NextToken --output text --max-items 10 | grep -v None)
  if [ -z "$next_token" ]; then
    starting_token=""
    break
  else
    starting_token="--starting-token $next_token"
  fi
done

In the get-parameters-by-path you'll want to add --recursive if you want to delete all parameters below that level. If start path is "/" it'll delete everything from there on. Also, if using multiple AWS profiles, don't forget to add "--profile {profile-name}" to every "aws ssm" call in the script, otherwise you'll be deleting everything in your default profile. — Ramin, Nov 20 '20 at 20:47

score 4 · Accepted Answer · answered Sep 11 '18 at 04:24

4

You can combine get-parameters-by-path with delete-parameters:

aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --query Parameters[].Name --output text`

I tested it by creating two parameters, then running the above command. It successfully deleted by parameters.

answered Sep 11 '18 at 04:24

John Rotenstein

241,921
22
380
470

1

The solution is very elegant but doesn't work when there are more than 10 parameters resulting in the error `Member must have length less than or equal to 10`. – Eugene Khyst Mar 21 '20 at 17:29

score 2 · Answer 3 · answered Dec 06 '21 at 07:34

Adding to the above. I had to delete around 400 params from the parameter store. Ran the below in command line and it did it! (Change 45 in for loop to whatever number you like);

for ((n=0;n<**45**;n++)); do
    aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --recursive --query Parameters[].Name --output text --max-items 9`
done

bormansquirrel · Answer 4 · 2020-06-08T11:17:10.613

1

This is my one line solution for this:

$ for key in $(aws ssm get-parameters-by-path --path "/" --recursive | jq -r '.Parameters[] | .Name' | tr '\r\n' ' '); do aws ssm delete-parameter --name ${key}; done

NOTE: Be careful if you copy & paste this as it will remove everything under "/"

edited Jun 08 '20 at 11:17

answered Jun 08 '20 at 11:10

bormansquirrel

95
9

score 1 · Answer 5 · edited May 05 '21 at 16:57

1

try this and execute multiple times

aws ssm delete-parameters --names `aws ssm get-parameters-by-path --path / --recursive --query Parameters[].Name --output text --max-items 9`

edited May 05 '21 at 16:57

martian111

595
1
6
21

answered May 04 '21 at 17:34

Subas

11
2

AWS SSM Parameters Store

5 Answers5