Modify SSM Document using CDK

0

I want to share the ssm document with another account via CDK lib. I am able to do the same via console and aws-cli. below is the command for aws-cli2 aws ssm --profile=dsc-dev modify-document-permission
--name 'myRunbookCDK'
--permission-type Share
--account-ids-to-add '111111111111' But there seems to be nothing similar in CDK . could you pls confirm if we can achieve the same via CDK and how?

dsc-dev
asked 2 years ago896 views
1 Answer
0

Hello! I understand that you'd like to modify the permissions of the AWS Systems Manager document created using CDK. CDK uses AWS CloudFormation to provision the resources defined in code. Currently, when a SSM document is defined using the CfnDocument construct the resource is provisioned using the AWS::SSM::Document resource type. Currently, this resource type doesn't support updating the permissions of a document. As a result, modifying permissions of a document is not supported via CDK.

That being said, I have created a feature request for supporting permission management via the AWS::SSM:Document resource type. This request can be tracked here.

In the meantime, it is possible to leverage CustomResources construct to perform the ModifyDocumentPermission API call and manage permissions for the SSM document via the same CDK application. An example for using custom-resources is available here.

Please let us know if you have any questions.

AWS
Deepak
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions