0

In my template, I can use a configured parameter from systems manager, like this:

Parameters:
  DatabasePassword:
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: '/some/path/db_password'

However, I need help to be able to use a secure string.

I tried: AWS::SSM::Parameter::Value<SecureString> and /some/path/db_password~true

Perhaps it is not worth the trouble to use a secure string in this context?

Willem
  • 917
  • 7
  • 19

1 Answers1

2

Unfortunately, there's a note on the aws docs that mention...

AWS CloudFormation doesn't support creating a SecureString parameter type.

ref: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-datatype

You may want to instead want to create your SecureString ssm parameters via the AWS CLI

aws ssm put-parameter \
    --name parameter-name \
    --value "parameter-value" \
    --type SecureString

ref: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-securestring.html

Aaron Zhong
  • 921
  • 8
  • 22
  • I saw a request logged for it on GitLab: https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/82 – Willem Jan 18 '22 at 08:34