@bgcbrasil/bgc-ssm-securestring-plugin v3.0.0
bgc-ssm-securestring-plugin
This plugin was created to manage ssm secure string parameters for BGC components.
Table of contents
About
Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data.
You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter.
To know more about SSM Parameter Store visit the site AWS Systems Manager Parameter Store
Prerequisites
Make sure you have the following installed before starting:
The IAM role that is running the plugin will need the following permissions:
ssm: DeleteParameter;
ssm: PutParameter;
ssm: GetParameter;
Installation
Use the package manager npm to install the plugin.
npm install @bgcbrasil/bgc-ssm-securestring-plugin
Then make the following edits to your serverless.yml file:
Add the plugin.
plugins:
- "@bgcbrasil/bgc-ssm-securestring-plugin"
Add the plugin configuration
custom:
ssmParameters:
- parameterName: StatusProviderDBPassword
parameterDescription: Auto generated password for Status Provider Database
parameterProperties:
length: 41 # Must contain from 8 to 41 characters for cluster and 8 to 128 for instance
numbers: true
rdsConfig:
type: cluster
DBIdentifier: bgcstatusprovidercluster
By default, the region used is us-east-1, but you can change it. Add the region in a custom configuration to use a different region.
Configuration
It can accept the following options:
name | type | required | description |
---|---|---|---|
parameterName | string | yes | identification of the parameter |
parameterDescription | string | yes | description of the parameter |
parameterProperties | object | yes | properties of the parameter |
length | number | no (defaults to 80) | size of the secure string |
numbers | boolean | no (defaults to true) | Should use number on secure string generation |
rdsConfig | object | no | properties of the RDS database |
type | string (cluster or instance) | no (defaults to instance) | type of the rds database |
DBIdentifier | string | yes | rds database identifier |
Running
It runs using serverless comand
sls <command_name> [--parameter] <value>
Usage
It is necessary to create the parameter before running the component deploy {.is-warning}
The serverless commands provided by the plugin:
- sls create_parameter: Use it to create a new secure string parameter
- sls remove_parameter: Use it to remove a secure string parameter
Create Parameter
Use it to create a new secure string parameter
sls create_parameter --stage <value>
The process to create parameter require four steps:
- GenerateSecretValue: step necessary to generate the secure string value
- PutParameter: step responsible for creating or updating the parameter
- GetParameter: step responsible for retrieving the parameter if it was successfully created
- UpdateEnvVars: step responsible for updating the value of the parameter on environment vars
Remove Parameter
Use it to remove a secure string parameter
--name the parameter identification name (required)
sls remove_parameter --name 'parameter name'
Running tests
npm run test
Issue Reporting
If you have found a bug or if you have a feature request, please report them at this repository issues section.
1 year ago
1 year ago
1 year ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago
2 years ago