1

What is the difference between AWS SSM GetParameter and GetParameters ? I have a machine with an IAM policy GetParameters and try to read a variable with terraform with the following code:

data "aws_ssm_parameter" "variable" {  name = "variable"}

I get an error indicating I'm not authorized to perform GetParameter.

said
  • 53
  • 1
  • 4

1 Answers1

6

Like the name suggests.

  • GetParameter provides details about only one parameter per API call.
  • GetParameters provides details about multiple parameters in one API call.

The parameter details returned are exactly same for both calls, as the two calls return Parameter object:

   "Parameter": { 
      "ARN": "string",
      "DataType": "string",
      "LastModifiedDate": number,
      "Name": "string",
      "Selector": "string",
      "SourceResult": "string",
      "Type": "string",
      "Value": "string",
      "Version": number
   }

The key benefit of the GetParameters is that you can fetch many parameters in a single API call which saves time.

Example use of GetParameter:

aws ssm get-parameter --name /db/password 
{
    "Parameter": {
        "Name": "/db/password",
        "Type": "String",
        "Value": "secret password",
        "Version": 1,
        "LastModifiedDate": 1589285865.183,
        "ARN": "arn:aws:ssm:us-east-1:xxxxxxxxx:parameter/db/password",
        "DataType": "text"
    }
}

Example use of GetParameters with two parameters:

aws ssm get-parameters --name /db/password /db/url 
{
    "Parameters": [
        {
            "Name": "/db/password",
            "Type": "String",
            "Value": "secret password",
            "Version": 1,
            "LastModifiedDate": 1589285865.183,
            "ARN": "arn:aws:ssm:us-east-1:xxxxxxxxx:parameter/db/password",
            "DataType": "text"
        },
        {
            "Name": "/db/url",
            "Type": "String",
            "Value": "url to db",
            "Version": 1,
            "LastModifiedDate": 1589285879.912,
            "ARN": "arn:aws:ssm:us-east-1:xxxxxxxxx:parameter/db/url",
            "DataType": "text"
        }
    ],
    "InvalidParameters": []
}

Example use of GetParameters with non-existing second parameter (/db/wrong)

aws ssm get-parameters --name /db/password /db/wrong 
{
    "Parameters": [
        {
            "Name": "/db/password",
            "Type": "String",
            "Value": "secret password",
            "Version": 1,
            "LastModifiedDate": 1589285865.183,
            "ARN": "arn:aws:ssm:us-east-1:xxxxxxxxx:parameter/db/password",
            "DataType": "text"
        }
    ],
    "InvalidParameters": [
        "/db/wrong"
    ]
}
Marcin
  • 215,873
  • 14
  • 235
  • 294