0

I am creating an SSM Parameter via Cloudformation (AWS::SSM::Parameter). From the docs there is a "Policies" property:

Policies
Information about the policies assigned to a parameter.

Working with Parameter Policies in the AWS Systems Manager User Guide.

Required: No

Type: String

Update requires: No interruption

Nowhere in the documentation is there an example or guide to how the String should be formatted. My current CFN template is as follows:

Conditions:
  IsAdvancedParameter: !Equals [!Ref ParamTier, "Advanced"]
Resources:
  ParamOne:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Ref ParamName
      Policies:
        Fn::If:
          - IsAdvancedParameter
          - # What should go here???
          - !Ref AWS::NoValue
      Tier: !Ref ParamTier
      Type: SecureString
      Value: !Ref ParamVal

Has anyone ever figured this out?

Andrew Allison
  • 1,122
  • 2
  • 13
  • 30
  • 1
    The documentation links to [Working with Parameter Policies - AWS Systems Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html) that shows some sample policies (admittedly in JSON format, but close enough). Have you tried them? – John Rotenstein Jun 13 '19 at 01:18
  • @JohnRotenstein Thank you, I did take a look at that and eventually figured out (although it's not explicitly stated) that the way you format it for the CLI works for CloudFormation also. So for example: "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2018-05-13T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]" – Andrew Allison Jun 13 '19 at 15:16

0 Answers0