(Extending https://github.com/glassechidna/ssmcfn)
You know what's lame? CloudFormation not (yet) having support for storing values
in Parameter Store. You know what's less lame? Lambda-backed custom resources
so that we can polyfill this ourselves. Simply deploy cfn.yml
into
your AWS region and use like this:
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
BuildNumber:
Description: A unique number to ensure that the GetParam is run
Type: Number
Resources:
SecureParam:
Type: Custom::CfnParamStore
Properties:
ServiceToken: !ImportValue CfnParamStoreCreate
KeyName: somevalue
Type: SecureString
KeyValue: this-is-the-new-password
GetParam:
Type: Custom::CfnParamStoreGet
Properties:
ServiceToken: !ImportValue CfnParamStoreGet
KeyName: somevalue
BuildNumber: !Ref BuildNumber
The above makes some extra changes to the original code.
- It now supports a GetParm event
- The GetParm returns a phoney result (eg "Please set cfn-param-stack-notreal in the console") if one is not set