AWS CloudFormation
User Guide (Version )

AWS::SSM::Parameter

The AWS::SSM::Parameter resource creates an SSM parameter in AWS Systems Manager Parameter Store.

Important

To create an SSM parameter, you must have the AWS Identity and Access Management (IAM) permissions ssm:PutParameter and ssm:AddTagsToResource. On stack creation, AWS CloudFormation adds the following three tags to the parameter: aws:cloudformation:stack-name, aws:cloudformation:logical-id, and aws:cloudformation:stack-id, in addition to any custom tags you specify.

To add, update, or remove tags during stack update, you must have IAM permissions for both ssm:AddTagsToResource and ssm:RemoveTagsFromResource. For more information, see AWS Systems Manager Permissions Reference in the AWS Systems Manager User Guide.

For information about valid values for parameters, see Requirements and Constraints for Parameter Names in the AWS Systems Manager User Guide and PutParameter in the AWS Systems Manager API Reference.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::SSM::Parameter", "Properties" : { "AllowedPattern" : String, "Description" : String, "Name" : String, "Policies" : String, "Tags" : Json, "Tier" : String, "Type" : String, "Value" : String } }

YAML

Type: AWS::SSM::Parameter Properties: AllowedPattern: String Description: String Name: String Policies: String Tags: Json Tier: String Type: String Value: String

Properties

AllowedPattern

A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$

Required: No

Type: String

Minimum: 0

Maximum: 1024

Update requires: No interruption

Description

Information about the parameter.

Required: No

Type: String

Minimum: 0

Maximum: 1024

Update requires: No interruption

Name

The name of the parameter.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: Replacement

Policies

Information about the policies assigned to a parameter.

Working with Parameter Policies in the AWS Systems Manager User Guide.

Required: No

Type: String

Update requires: No interruption

Tags

An array of key-value pairs to apply to this resource.

For more information, see Tag.

Required: No

Type: Json

Update requires: No interruption

Tier

The parameter tier.

Required: No

Type: String

Allowed Values: Advanced | Standard

Update requires: No interruption

Type

The type of parameter. Valid values include the following: String or StringList.

Note

AWS CloudFormation doesn't support the SecureString parameter type.

Required: Yes

Type: String

Allowed Values: SecureString | String | StringList

Update requires: No interruption

Value

The parameter value.

Required: Yes

Type: String

Update requires: No interruption

Return Values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the Name of the SSM parameter. For example, ssm-myparameter-ABCNPH3XCAO6.

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Type

Returns the type of the parameter. Valid values are String or StringList.

Value

Returns the value of the parameter.

Examples

AWS Systems Manager Parameter String Example

The following example snippet creates a Systems Manager parameter with a String type and adds the tag key-value pair "Environment":"Dev".

JSON

{ "Resources": { "BasicParameter": { "Type": "AWS::SSM::Parameter", "Properties": { "Name": "command", "Type": "String", "Value": "date", "Description": "SSM Parameter for running date command.", "AllowedPattern" : "^[a-zA-Z]{1,10}$", "Tags": { "Environment": "DEV" } } } } }

YAML

Resources: BasicParameter: Type: "AWS::SSM::Parameter" Properties: Name: "command" Type: "String" Value: "date" Description: "SSM Parameter for running date command." AllowedPattern: "^[a-zA-Z]{1,10}$" Tags: "Environment": "DEV"

AWS Systems Manager Parameter StringList Example

The following example creates a Systems Manager parameter with a StringList type.

JSON

{ "Resources": { "BasicParameter": { "Type": "AWS::SSM::Parameter", "Properties": { "Name": "commands", "Type": "StringList", "Value": "date,ls", "Description": "SSM Parameter of type StringList.", "AllowedPattern" : "^[a-zA-Z]{1,10}$" } } } }

YAML

Resources: BasicParameter: Type: "AWS::SSM::Parameter" Properties: Name: "commands" Type: "StringList" Value: "date,ls" Description: "SSM Parameter of type StringList." AllowedPattern: "^[a-zA-Z]{1,10}$"