Syntax Properties Return values Examples See also

AWS::SSM::Parameter

The AWS::SSM::Parameter resource creates an SSM parameter in Amazon Systems Manager Parameter Store.

Important

To create an SSM parameter, you must have the Amazon Identity and Access Management (IAM) permissions ssm:PutParameter and ssm:AddTagsToResource. On stack creation, Amazon CloudFormation adds the following three tags to the parameter: aws:cloudformation:stack-name, aws:cloudformation:logical-id, and aws:cloudformation:stack-id, in addition to any custom tags you specify.

To add, update, or remove tags during stack update, you must have IAM permissions for both ssm:AddTagsToResource and ssm:RemoveTagsFromResource. For more information, see Managing Access Using Policies in the Amazon Systems Manager User Guide.

For information about valid values for parameters, see Requirements and Constraints for Parameter Names in the Amazon Systems Manager User Guide and PutParameter in the Amazon Systems Manager API Reference.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::SSM::Parameter",
  "Properties" : {
      "AllowedPattern" : String,
      "DataType" : String,
      "Description" : String,
      "Name" : String,
      "Policies" : String,
      "Tags" : Json,
      "Tier" : String,
      "Type" : String,
      "Value" : String
    }
}

YAML


Type: AWS::SSM::Parameter
Properties: 
  AllowedPattern: String
  DataType: String
  Description: String
  Name: String
  Policies: String
  Tags: Json
  Tier: String
  Type: String
  Value: String

Properties

AllowedPattern

A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$

Required: No

Type: String

Minimum: 0

Maximum: 1024

Update requires: No interruption

DataType

The data type of the parameter, such as text or aws:ec2:image. The default is text.

Required: No

Type: String

Minimum: 0

Maximum: 128

Update requires: No interruption

Description

Information about the parameter.

Required: No

Type: String

Minimum: 0

Maximum: 1024

Update requires: No interruption

Name

The name of the parameter.

Note

The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter ARN, is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters: arn:aws:ssm:us-east-2:111222333444:parameter/ExampleParameterName

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: Replacement

Policies

Information about the policies assigned to a parameter.

Assigning parameter policies in the Amazon Systems Manager User Guide.

Required: No

Type: String

Update requires: No interruption

Tags

Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter.

Required: No

Type: Json

Maximum: 1000

Update requires: No interruption

Tier

The parameter tier.

Required: No

Type: String

Allowed values: Advanced | Intelligent-Tiering | Standard

Update requires: No interruption

Type

The type of parameter.

Note

Amazon CloudFormation doesn't support creating a SecureString parameter type.

Allowed Values: String | StringList

Required: Yes

Type: String

Update requires: No interruption

Value

The parameter value.

Note

If type is StringList, the system returns a comma-separated string with no spaces between commas in the Value field.

Required: Yes

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the name of the SSM parameter. For example, ssm-myparameter-ABCNPH3XCAO6.

For more information about using the Reffunction, see Ref.

Fn::GetAtt

The Fn::GetAttintrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAttintrinsic function, see Fn::GetAtt.

Type: Returns the type of the parameter. Valid values are String or StringList.
Value: Returns the value of the parameter.

Examples

Create a String-type parameter

The following example creates a Systems Manager parameter named command with a String type and adds the tag key-value pair "Environment":"Dev".

JSON


{
    "Resources": {
        "BasicParameter": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
                "Name": "command",
                "Type": "String",
                "Value": "date",
                "Description": "SSM Parameter for running date command.",
                "AllowedPattern": "^[a-zA-Z]{1,10}$",
                "Tags": {
                    "Environment": "DEV"
                }
            }
        }
    }
}

YAML


---
Resources:
  BasicParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: command
      Type: String
      Value: date
      Description: SSM Parameter for running date command.
      AllowedPattern: "^[a-zA-Z]{1,10}$"
      Tags:
        Environment: DEV

Create a StringList-type parameter

The following example creates a Systems Manager parameter named commands with a StringList type.

JSON


{
    "Resources": {
        "BasicParameter": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
                "Name": "commands",
                "Type": "StringList",
                "Value": "date,ls",
                "Description": "SSM Parameter of type StringList.",
                "AllowedPattern": "^[a-zA-Z]{1,10}$"
            }
        }
    }
}

YAML


---
Resources:
  BasicParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: commands
      Type: StringList
      Value: date,ls
      Description: SSM Parameter of type StringList.
      AllowedPattern: "^[a-zA-Z]{1,10}$"

Create an advanced tier parameter and assign a policy

The following example creates a Systems Manager advanced tier parameter named command with a String type and a parameter policy.

JSON


{
    "Resources": {
        "BasicParameter": {
            "Type": "AWS::SSM::Parameter",
            "Properties": {
                "Name": "command",
                "Type": "String",
                "Value": "date",
                "Tier": "Advanced",
                "Policies": "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-05-13T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]",
                "Description": "SSM Parameter for running date command.",
                "AllowedPattern": "^[a-zA-Z]{1,10}$",
                "Tags": {
                    "Environment": "DEV"
                }
            }
        }
    }
}

YAML


---
Resources:
  BasicParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: command
      Type: String
      Value: date
      Tier: Advanced
      Policies: '[{"Type":"Expiration","Version":"1.0","Attributes":{"Timestamp":"2020-05-13T00:00:00.000Z"}},{"Type":"ExpirationNotification","Version":"1.0","Attributes":{"Before":"5","Unit":"Days"}},{"Type":"NoChangeNotification","Version":"1.0","Attributes":{"After":"60","Unit":"Days"}}]'
      Description: SSM Parameter for running date command.
      AllowedPattern: "^[a-zA-Z]{1,10}$"
      Tags:
        Environment: DEV