Skip to main content

Command resolver

The command resolver executes a specified shell command and uses the command output as a parameter value.

Properties

Here are the properties of the command resolver:

KeyRequiredTypeDescription
resolveryesstringResolver name, this must be cmd.
commandyesstringShell command to execute.
exposeStackCredentialsnobooleanMake the current stack's AWS credentials available for the shell command. Defaults to false.
exposeStackRegionnobooleanMake the current stack's region available for the shell command. Defaults to false.
capturenostringControls how to capture the output of the executed shell command. By default, all output is captured. To capture only the last line, set this to last-line.
confidentialnobooleanConceal the resolved parameter value from logs, defaults to false.
immutablenobooleanMark the parameter as immutable, defaults to false.

Environment variables available in the shell command

The following environment variables are available in the shell command:

NameDescription
AWS_ACCESS_KEY_IDIf exposeStackCredentials is true, this will hold the access key id of credentials of the current stack.
AWS_SECRET_ACCESS_KEYIf exposeStackCredentials is true, this will hold the secret access key of credentials of the current stack.
AWS_SESSION_TOKENIf exposeStackCredentials is true, this will hold the session token of credentials of the current stack.
AWS_SECURITY_TOKENIf exposeStackCredentials is true, this will hold the session token of credentials of the current stack.
AWS_DEFAULT_REGIONIf exposeStackRegion is true, this will hold the region of the current stack.

Example

Use contents of /home/password.txt file as parameter value:

parameters:
Password:
resolver: cmd
command: cat /home/password.txt