serverless-ssm-manager v1.0.0
Sync your local SSM parameters with the ones for your stack. Don't forget to add your local
ssmparameters.json
to your gitignore. Do NOT send your encryption keys and such to your version control.
🏠 WorkCast Homepage
Install
npm install serverless-ssm-parameters
Usage
Add the plugin to your serverless yml:
plugins
- serverless-ssm-parameters
Create a new parameter
sls param_add
In the AWS Systems Manager Console:
Usage in your serverless.yml
As an example, serverless lets you prefix with ssm:
to pull values from your SSM parameters. Here is an example with the ~true
suffix. this means a SecureString
.
~split
is a comma separated StringList
environment:
SECRET_TOKEN: ${ssm:/${self:service}/TEST_SECURE_STRING~true}
Push local ssmparameters.json
parameters to SSM
sls params_push
Pull SSM parameters to local ssmparameters.json
sls params_pull
Security Suggestion
Use the ssmparameters.json
to stage your params, sls params_push
them, and then delete the ssmparameters.json
, or move it out of the repo folder.
Upgrading params from String
to SecureString
After you sls params_pull
, open your ssmparameters.json
and append the ~true
suffix to all the param names.
{
"TEST_SECURE_STRING~true": "349uy78rt345uy789rt45ey89rt3459y80hr345t"
}
Now sls params_push
to upgrade all your parameters to SecureString
.
Don't forget to append ~true
for any references to your newly secured parameters in any serverless yml
files you have, like this:
environment:
SECRET_TOKEN: ${ssm:/${self:service}/TEST_SECURE_STRING~true}
Author
👤 WorkCast
- Website: www.workcast.com
- Twitter: @WorkCast
- Github: @The-WorkCast-Corporation
- LinkedIn: @workcast
Show your support
Give a ⭐️ if this project helped you!
3 years ago