AWS::SSM::Parameter
The AWS::SSM::Parameter resource creates an SSM parameter in AWS Systems Manager Parameter Store.
Note
To create an SSM parameter, you must have the AWS Identity and Access Management (IAM) permissions ssm:PutParameter and ssm:AddTagsToResource. On stack creation, AWS CloudFormation adds the following three tags to the parameter: aws:cloudformation:stack-name, aws:cloudformation:logical-id, and aws:cloudformation:stack-id, in addition to any custom tags you specify.
To add, update, or remove tags during stack update, you must have IAM permissions for both ssm:AddTagsToResource and ssm:RemoveTagsFromResource. For more information, see Managing access using policies in the AWS Systems Manager User Guide.
For information about valid values for parameters, see About requirements and constraints for parameter names in the AWS Systems Manager User Guide and PutParameter in the AWS Systems Manager API Reference.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::SSM::Parameter",
  "Properties" : {
      "AllowedPattern" : String,
      "DataType" : String,
      "Description" : String,
      "Name" : String,
      "Policies" : String,
      "Tags" : {Key: Value, ...},
      "Tier" : String,
      "Type" : String,
      "Value" : String
    }
}
YAML
Type: AWS::SSM::Parameter
Properties:
  AllowedPattern: String
  DataType: String
  Description: String
  Name: String
  Policies: String
  Tags:
    Key: Value
  Tier: String
  Type: String
  Value: String
Properties
AllowedPattern
A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$
Required: No
Type: String
Minimum: 0
Maximum: 1024
Update requires: No interruption
DataType
The data type of the parameter, such as text or aws:ec2:image. The default is text.
Required: No
Type: String
Allowed values: text | aws:ec2:image
Update requires: No interruption
Description
Information about the parameter.
Required: No
Type: String
Minimum: 0
Maximum: 1024
Update requires: No interruption
Name
The name of the parameter.
Note
The reported maximum length of 2048 characters for a parameter name includes 1037 characters that are reserved for internal use by Systems Manager. The maximum length for a parameter name that you specify is 1011 characters.
This count of 1011 characters includes the characters in the ARN that precede the name you specify. This ARN length will vary depending on your partition and Region. For example, the following 45 characters count toward the 1011 character maximum for a parameter created in the US East (Ohio) Region: arn:aws:ssm:us-east-2:111122223333:parameter/
Required: No
Type: String
Minimum: 1
Maximum: 2048
Update requires: Replacement
Policies
Information about the policies assigned to a parameter.
For more information, see Assigning parameter policies in the AWS Systems Manager User Guide.
Required: No
Type: String
Update requires: No interruption
Tags
Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter.
Required: No
Type: Object of String
Pattern: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$
Update requires: No interruption
Tier
The parameter tier.
Required: No
Type: String
Allowed values: Standard | Advanced | Intelligent-Tiering
Update requires: No interruption
Type
The type of parameter.
Note
Parameters of type SecureString are not supported by AWS CloudFormation.
Required: Yes
Type: String
Allowed values: String | StringList
Update requires: No interruption
Value
The parameter value.
Note
If type is StringList, the system returns a comma-separated string with no spaces between commas in the Value field.
Required: Yes
Type: String
Update requires: No interruption
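The constraints listed under Properties can be checked against a JSON template before deployment. The following Python linter is an added example, not part of the AWS documentation or any AWS tool; the function name, the sample template and the item-by-item treatment of StringList values are assumptions, and Python's re module only approximates the service's regular-expression dialect.

```python
import json
import re
ALLOWED = {"Type": {"String", "StringList"},  # allowed values from this page
           "Tier": {"Standard", "Advanced", "Intelligent-Tiering"},
           "DataType": {"text", "aws:ec2:image"}}
MAX_NAME_WITH_ARN = 1011  # the name you specify plus the ARN prefix before it

def lint_ssm_parameters(template, arn_prefix):
    """Return sorted (logical_id, property) pairs that break those constraints."""
    bad = set()
    for lid, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::SSM::Parameter":
            continue
        p = res.get("Properties", {})
        for prop, allowed in ALLOWED.items():
            v = p.get(prop)  # non-string values are intrinsic functions: skipped
            if (isinstance(v, str) and v not in allowed) or (v is None and prop == "Type"):
                bad.add((lid, prop))  # e.g. Type: SecureString
        name, value, pattern = p.get("Name"), p.get("Value"), p.get("AllowedPattern")
        if isinstance(name, str) and not 0 < len(name) <= MAX_NAME_WITH_ARN - len(arn_prefix):
            bad.add((lid, "Name"))
        if isinstance(pattern, str) and isinstance(value, str):
            # Assumption: a StringList value is validated item by item.
            items = value.split(",") if p.get("Type") == "StringList" else [value]
            try:
                ok = len(pattern) <= 1024 and all(re.search(pattern, i) for i in items)
            except re.error:
                ok = False
            if not ok:
                bad.add((lid, "AllowedPattern"))
        if isinstance(p.get("Policies"), str):
            try:  # Policies is a JSON array carried inside a string
                docs = json.loads(p["Policies"])
                ok = isinstance(docs, list) and all(isinstance(d, dict) and "Type" in d for d in docs)
            except ValueError:
                ok = False
            if not ok:
                bad.add((lid, "Policies"))
    return sorted(bad)

# Constructed sample: one clean resource, then three defective ones.
def param(**props):
    return {"Type": "AWS::SSM::Parameter", "Properties": props}
SAMPLE = {"Resources": {
    "Ok": param(Name="commands", Type="StringList", Value="date,ls", AllowedPattern="^[a-zA-Z]{1,10}$"),
    "Secret": param(Name="/app/db/password", Type="SecureString", Value="placeholder"),
    "Port": param(Name="port", Type="String", Value="80a", AllowedPattern=r"^\d+$"),
    "Expiry": param(Name="command", Type="String", Value="date", Policies="[{'Type':'Expiration'}]")}}
ARN_PREFIX = "arn:aws:ssm:us-east-2:111122223333:parameter/"  # 45 characters, from the Name note
```

Calling lint_ssm_parameters(SAMPLE, ARN_PREFIX) reports the SecureString type, the value that fails its AllowedPattern, and the Policies string that is not valid JSON because it uses single quotes.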
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the SSM parameter. For example, ssm-myparameter-ABCNPH3XCAO6.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Note
Due to eventual consistency of the underlying API, a { Fn::GetAtt } of an SSM Parameter that was just created may fail. Either avoid using { Fn::GetAtt } on an SSM Parameter, or be aware that stack creation may sometimes fail and you will need to retry.
Type
Returns the type of the parameter. Valid values are String or StringList.
Value
Returns the value of the parameter.
Examples
Create a String-type parameter
The following example creates a Systems Manager parameter named command with a String type and adds the tag key-value pair "Environment":"DEV".
JSON
{
  "Resources": {
    "BasicParameter": {
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Name": "command",
        "Type": "String",
        "Value": "date",
        "Description": "SSM Parameter for running date command.",
        "AllowedPattern": "^[a-zA-Z]{1,10}$",
        "Tags": {
          "Environment": "DEV"
        }
      }
    }
  }
}
YAML
---
Resources:
  BasicParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: command
      Type: String
      Value: date
      Description: SSM Parameter for running date command.
      AllowedPattern: "^[a-zA-Z]{1,10}$"
      Tags:
        Environment: DEV
Create a StringList-type parameter
The following example creates a Systems Manager parameter named commands with a StringList type.
JSON
{
  "Resources": {
    "BasicParameter": {
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Name": "commands",
        "Type": "StringList",
        "Value": "date,ls",
        "Description": "SSM Parameter of type StringList.",
        "AllowedPattern": "^[a-zA-Z]{1,10}$"
      }
    }
  }
}
YAML
---
Resources:
  BasicParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: commands
      Type: StringList
      Value: date,ls
      Description: SSM parameter of type StringList.
      AllowedPattern: "^[a-zA-Z]{1,10}$"
Create an advanced tier parameter and assign a policy
The following example creates a Systems Manager advanced tier parameter named 'command' with a String type and a parameter policy.
JSON
{
  "Resources": {
    "BasicParameter": {
      "Type": "AWS::SSM::Parameter",
      "Properties": {
        "Name": "command",
        "Type": "String",
        "Value": "date",
        "Tier": "Advanced",
        "Policies": "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-05-13T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]",
        "Description": "SSM Parameter for running date command.",
        "AllowedPattern": "^[a-zA-Z]{1,10}$",
        "Tags": {
          "Environment": "DEV"
        }
      }
    }
  }
}
YAML
---
Resources:
  BasicParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: command
      Type: String
      Value: date
      Tier: Advanced
      Policies: '[{"Type":"Expiration","Version":"1.0","Attributes":{"Timestamp":"2020-05-13T00:00:00.000Z"}},{"Type":"ExpirationNotification","Version":"1.0","Attributes":{"Before":"5","Unit":"Days"}},{"Type":"NoChangeNotification","Version":"1.0","Attributes":{"After":"60","Unit":"Days"}}]'
      Description: SSM parameter for running date command.
      AllowedPattern: "^[a-zA-Z]{1,10}$"
      Tags:
        Environment: DEV