SSM parameter resolver
The SSM parameter resolver reads parameter values from SSM parameter store. The parameter can be encrypted.
Properties
Here are the properties of the SSM parameter resolver:
| Key | Required | Type | Description |
|---|---|---|---|
| resolver | yes | string | Resolver name, this must be ssm. |
| name | yes | string | Name of the SSM parameter. |
| region | no | string | Region where the SSM parameter resides. By default, Takomo uses the region of the stack where the parameter resolver is used. |
| commandRole | no | string | IAM role used to access the SSM parameter. Command role is optional. By default, credentials associated with the current stack are used. |
| confidential | no | boolean | Conceal the resolved parameter value from logs, defaults to false. |
| immutable | no | boolean | Mark the parameter as immutable, defaults to false. |
Examples
Read value from an SSM parameter /database/password that resides in the same region as the current stack:
parameters:
Password:
resolver: ssm
name: /database/password
Read value from an SSM parameter /database/username that resides in eu-north-1 region:
parameters:
Username:
resolver: ssm
region: eu-north-1
name: /database/username
Read value from an SSM parameter using custom IAM role:
parameters:
Password:
resolver: ssm
commandRole: arn:aws:iam::123456789012:role/read-only
name: MyParam