# Edit configuration data for extensions in your account
Edit configuration data for extensions

This topic provides guidance on editing configuration data for extensions in your account within a specific Region. Extensions can include configuration properties that apply to all instances of the extension for a given account and Region. These are defined by the extension author in the extension's configuration definition. If there are any required properties in the extension's configuration definition, you must specify those properties before you can use the extension in your account and Region.

For more information about how configuration definitions are defined when developing an extension, see the following documentation.
+ [Hook configuration schema syntax reference](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hook-configuration-schema.html)
+ [Defining the account-level configuration of an extension](https://docs.aws.amazon.com/cloudformation-cli/latest/userguide/resource-type-model.html#resource-type-howto-configuration)

**Topics**
+ [

## Permissions required to use dynamic references
](#registry-set-configuration-considerations)
+ [

## Edit configuration data for an extension (console)
](#registry-set-configuration-procedure-console)
+ [

## Edit configuration data for an extension (AWS CLI)
](#registry-set-configuration-procedure-cli)

## Permissions required to use dynamic references


If your configuration data includes dynamic references to values stored in AWS Systems Manager or AWS Secrets Manager, any role used to provision the type (for example, when creating or updating a stack) must have the proper permissions to retrieve that value. Specifically:
+ If the configuration data contains a parameter stored in AWS Systems Manager Parameter Store, the user or role used to provision the type must have permissions to call [https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameter.html](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetParameter.html).
+ If the configuration data contains a secret stored in AWS Secrets Manager, the user or role used to provision the type must have permissions to call [https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html). 

For more information, see [Get values stored in other services using dynamic references](dynamic-references.md).

## Edit configuration data for an extension (console)


Follow the steps in this section to use the console to:
+ View the current configuration data for an extension
+ Update extension configuration data for your account

**To view the current configuration data for an extension**

1. Sign in to the AWS Management Console and open the CloudFormation console at [https://console.aws.amazon.com/cloudformation](https://console.aws.amazon.com/cloudformation/).

1. On the navigation bar at the top of the screen, choose your AWS Region.

1. From the navigation pane, under **Registry**, choose **Activated extensions**.

1. Find the extension you want to view. For more information, see [View the available and activated extensions in the CloudFormation registry](registry-view.md).

1. Choose the extension to view the extension details.

1. On the extension details page, choose the **Configuration** tab.

1. Expand the **Configuration schema** tab to see the configuration schema defined for the extension.

1. Expand the **Configuration** tab to see the current configuration that you have set for this extension.

**To update configuration data for an extension**

1. On the extension details page, from the **Configuration** tab, choose **Edit configuration**.

   Alternatively, from **Actions**, choose **Edit**, and then choose **Edit configuration**.

   CloudFormation displays the **Configure extension** page. Make sure that **View configuration schema** is toggled on to see the extension's current configuration definition schema.

1. In the **Configuration JSON** text box, enter a JSON string that represents the configuration schema you want to set for this extension. It must validate against the schema defined in **Configuration schema**.

1. Choose **Configure extension**.

## Edit configuration data for an extension (AWS CLI)


Follow the steps in this section to use the AWS CLI to:
+ View the current configuration data for an extension
+ Update extension configuration data for your account

**To view the current configuration data for an extension**
+ Use the [https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-type.html](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/describe-type.html) command to return detailed information about the extension. The `ConfigurationSchema` element of the output contains the current configuration definition of the extension in a given Region.

  Alternatively, use the [https://docs.aws.amazon.com/cli/latest/reference/cloudformation/batch-describe-type-configurations.html](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/batch-describe-type-configurations.html) command to return configuration data about multiple extensions.

**To update configuration data for an extension**
+ Use the [https://docs.aws.amazon.com/cli/latest/reference/cloudformation/set-type-configuration.html](https://docs.aws.amazon.com/cli/latest/reference/cloudformation/set-type-configuration.html) command to specify the configuration data. The JSON you pass for `--configuration` must validate against the extension's configuration schema. 

  In the following example, the **set-type-configuration** command specifies the configuration data *`"{"CredentialKey": "testUserCredential"}"`* for the `--configuration` option.

  ```
  aws cloudformation set-type-configuration --type RESOURCE \
    --type-name My::Resource::Example \
    --configuration-alias default \
    --configuration "{"CredentialKey": "testUserCredential"}" \
    --region us-west-2
  ```