serverless-ssm-manager v1.0.0
Sync your local SSM parameters with the ones for your stack. Don't forget to add your local
ssmparameters.jsonto your gitignore. Do NOT send your encryption keys and such to your version control.
🏠 WorkCast Homepage
Install
npm install serverless-ssm-parametersUsage
Add the plugin to your serverless yml:
plugins
- serverless-ssm-parametersCreate a new parameter
sls param_add
In the AWS Systems Manager Console:
Usage in your serverless.yml
As an example, serverless lets you prefix with ssm: to pull values from your SSM parameters. Here is an example with the ~true suffix. this means a SecureString.
~split is a comma separated StringList
environment:
SECRET_TOKEN: ${ssm:/${self:service}/TEST_SECURE_STRING~true}Push local ssmparameters.json parameters to SSM
sls params_pushPull SSM parameters to local ssmparameters.json
sls params_pullSecurity Suggestion
Use the ssmparameters.json to stage your params, sls params_push them, and then delete the ssmparameters.json, or move it out of the repo folder.
Upgrading params from String to SecureString
After you sls params_pull, open your ssmparameters.json and append the ~true suffix to all the param names.
{
"TEST_SECURE_STRING~true": "349uy78rt345uy789rt45ey89rt3459y80hr345t"
}Now sls params_push to upgrade all your parameters to SecureString.
Don't forget to append ~true for any references to your newly secured parameters in any serverless yml files you have, like this:
environment:
SECRET_TOKEN: ${ssm:/${self:service}/TEST_SECURE_STRING~true}Author
👤 WorkCast
- Website: www.workcast.com
- Twitter: @WorkCast
- Github: @The-WorkCast-Corporation
- LinkedIn: @workcast
Show your support
Give a ⭐️ if this project helped you!
4 years ago