2

I'm trying to do use ssm in the serverless.ts file and it is not working.

  const serverlessConfiguration: AWS = {
  service: "data-lineage",
  frameworkVersion: "2",
  custom: {
    webpack: {
      webpackConfig: "./webpack.config.js",
      includeModules: true,
    },
    stages: ["dev", "staging", "prod"],
    region: "${opt:region, self:provider.region}",
    stage: "${opt:stage, self:provider.stage}",
    dburl: {
      dev: config.transactionalMongoUrl,
      staging:
        "${ssm:/some/some2/staging/dburl}",
      prod:
        "${ssm:/some/some2/prod/dburl}",
    },

.... ... ..

environment: {
      AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1",
      DB_URL:
        "${self:custom.dburl.${self:provider.stage}}",

When I deploy my lambda, it is not working and the value of the process.env.DB_URL is undefined.

Anyone can help with a hint how can I use SSM in the serverless.ts

Esmat Nawahda
  • 21
  • 5
  • I don't see anything obviously wrong with the way you're referencing your SSM. Can you confirm that the paths `/some/some2/...` exist? When you do a `sls print` to print the configuration object to the console are they correctly filled? – yvesonline Apr 06 '21 at 06:18

3 Answers3

0

From the ssm plugin I understand you need to install serverless-ssm-fetch plugin.

serverless plugin install --name serverless-ssm-fetch

In serverless.ts

plugins: [
  serverless-ssm-fetch
  ...
]

custom: {
   serverlessSsmFetch: {
      APP_ID: /aws/ssm/parameter/path/app_id
      APP_KEY: /aws/ssm/parameter/path/app_key
      APP_SECRET: /aws/ssm/parameter/path/app_secret~true
   }
}
Physic Liar
  • 11
  • This is the older way of doing it, they brought out the `{ssm:NAME}` access pattern but it appears to only work with serverless.yml as it appears to be automatically producing IAM permissions to read the ssm parameters. When attempting to do the same with `serverless.ts` it does not produce the IAM roles and fails with . ``` A valid SSM parameter to satisfy the declaration 'ssm:/stage/secrets/secretmanager/x/x-api-secret-arn' could not be found. ``` – Sigex Sep 13 '22 at 12:21
0

This syntax works for me :

restApiId:  "${ssm:/rest-api/id}",
restApiRootResourceId: "${ssm:/rest-api/root-resource-id}"
jyjy
  • 1
0

After some frustration with this, and consistently running in Cannot resolve variable at "provider.environment.XXX_CLIENT_SECRET": Value not found at "ssm" source, I came across this answer and realized that I did not have the all-important region property in my serverless.ts file.

Once that was set correctly (to us-east-2, where my parameter was stored), I was able to use the '${ssm:/xxx_client_secret}' syntax without a serverless error. IMO the serverless.ts usage needs a lot more documentation. Note also that I did not have to use theserverless-ssm-fetch plugin which you may find recommended in other places.

So if you are having issues with accessing your SSM values in your serverless.ts, make sure you add the region property, and make sure that it is where your parameters are stored.

// serverless.ts
import type { AWS } from '@serverless/typescript';

const serverlessConfiguration: AWS = {
  service: 'serverless',
  frameworkVersion: '3',
  variablesResolutionMode: '20210326',
  plugins: ['serverless-esbuild', 'serverless-local', 'serverless-offline'],
  provider: {
    name: 'aws',
    runtime: 'nodejs14.x',
    region: 'us-east-2', // <-- this is extremely important
    apiGateway: {
      minimumCompressionSize: 1024,
      shouldStartNameWithService: true
    },
    environment: {
      AWS_NODEJS_CONNECTION_REUSE_ENABLED: '1',
      NODE_OPTIONS: '--enable-source-maps --stack-trace-limit=1000',
     XXX_CLIENT_SECRET: '${ssm:xxx_client_secret}',
     // ...
binarygiant
  • 6,362
  • 10
  • 50
  • 73