Menu
Amazon EC2 Systems Manager
User Guide

Systems Manager Parameter Store Walkthroughs

The following walkthroughs show you how to create, store, and execute parameters with Parameter Store in a test environment. These walkthroughs show you how to use Parameter Store with other Systems Manager capabilities. You can also use Parameter Store with other AWS services, as described in the following blog post, Use Parameter Store to Securely Access Secrets and Config Data in AWS CodeDeploy.

Systems Manager Parameter Store Console Walkthrough

The following procedure walks you through the process of creating a parameter in Parameter Store and then executing a Run Command command that uses this parameter.

To create a parameter using Parameter Store

  1. Open the Amazon EC2 console, expand Systems Manager Shared Resources in the navigation pane, and then choose Parameter Store.

  2. Choose Create Parameter.

  3. For Name, type helloWorld.

  4. In the Description field, type a description that identifies this parameter as a test parameter.

  5. For Type, choose String.

  6. In the Value field, echo a word.

  7. Choose Create Parameter and then choose OK after the system creates the parameter.

  8. In the EC2 console navigation pane, expand Commands and then choose Run Command.

  9. Choose Run a command.

  10. In the Command Document list, choose AWS-RunPowershellScript (Windows) or AWS-RunShellScript (Linux).

  11. Under Target instances, choose the instance you created earlier.

  12. In the Commands field, type echo {{ssm:helloWorld}} and then choose Run.

  13. In the command history list, choose the command you just ran, choose the Output tab, and then choose View Output.. They output is the name of the parameter you created earlier, for example, {{ssm:helloWorld}}.

Systems Manager Parameter Store CLI Walkthrough

The following procedure walks you through the process of creating and storing a parameter using the AWS CLI.

To create a String parameter using Parameter Store

  1. Download the AWS CLI to your local machine.

  2. Execute the following command to create a parameter that uses the String data type.

    Copy
    aws ssm put-parameter --name a name --type String –-value "a value, for example "helloWorld""
  3. Execute the following command to view the parameter metadata.

    Copy
    aws ssm describe-parameters --filters "Key=Name,Values=helloWorld"
  4. Execute the following command to change the parameter value.

    Copy
    aws ssm put-parameter --name "helloWorld" --type String --value ""good day sunshine"" --overwrite
  5. Execute the following command to view the latest parameter value.

    Copy
    aws ssm get-parameters --name "helloWorld"
  6. Execute the following command to view the parameter value history.

    Copy
    aws ssm get-parameter-history --name "helloWorld"
  7. Execute the following command to use this parameter in a Run Command command.

    Copy
    aws ssm send-command --name "AWS-RunPowerShellScript" --parameters "commands=["echo {{ssm:helloWorld}}"]" --targets "Key=instanceids,Values=the ID of the instance you created earlier"

To create a Secure String parameter using Parameter Store

  1. Execute one of the following commands to create a parameter that uses the Secure String data type.

    Create a Secure String parameter that uses your default KMS key

    Copy
    aws ssm put-parameter --name "a name" --value "a value, for example P@ssW%rd#1" --type "SecureString"

    Create a Secure String parameter that uses a custom KMS key

    Copy
    aws ssm put-parameter --name "a name" --value "a value, for example P@ssW%rd#1" --type "SecureString" --key-id "your AWS user account alias/the custom KMS key"
  2. Execute the following command to view the parameter metadata.

    Copy
    aws ssm describe-parameters --filters "Key=Name,Values=the name that you specified"
  3. Execute the following command to change the parameter value.

    Updating a Secure String parameter that uses your default KMS key

    Copy
    aws ssm put-parameter --name "the name that you specified" --value "new value" --type "SecureString" --overwrite

    Updating a Secure String parameter that uses a custom KMS key

    Copy
    aws ssm put-parameter --name "the name that you specified" --value "new value" --type "SecureString" --key-id "your AWS user account alias/the custom KMS key" --overwrite
  4. Execute the following command to view the latest parameter value.

    Copy
    aws ssm get-parameters --names "the name that you specified" --with-decryption
  5. Execute the following command to view the parameter value history.

    Copy
    aws ssm get-parameter-history --name "the name that you specified"