By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to pass a SecureString parameter to a command in State Manager association

0

I created a SecureString parameter in AWS Systems Manager Parameter Store. It uses the default KMS key for encryption/decryption. I also created an association in State Manager to run "AWS-RunPowerShellScript" using the command "Net.exe user administrator {{ssh:<name of my parameter>}}" to have State Manager update the password across all of my associated Windows EC2 instances. However, the update only works when I reference a String parameter but does NOT work when I reference a SecureString parameter.

Any ideas why I can't reference a SecureString parameter? How do I reference a SecureString parameter in this State Manager association?

Topics
Security, Identity, & ComplianceManagement & GovernanceCompute
Tags
AWS Key Management ServiceAWS Systems ManagerWindows ProvisioningIAM PoliciesParameter Store
Language
English
rePost-User-3324188
asked a year ago913 views
1 Answer
1
Accepted Answer

https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-param-runcommand.html

SSM documents don't support references to SecureString parameters. This means that to use SecureString parameters with, for example, Run Command, you have to retrieve the parameter value before passing it to Run Command.

Maciej Malek
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content