By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

How to reference a shared ssm parameter(ram based) with Cloudformation

0

Based on the new SSM Advanced Parameter Cross Account Sharing https://aws.amazon.com/about-aws/whats-new/2024/02/aws-systems-manager-parameter-store-cross-account-sharing/ and https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-ssm-parameter-types I need to use the RAM ARN of the shared SSM Parameter

As is mentioned in the documentation

For SSM parameters shared by another AWS account, enter the full parameter ARN. For more information about Systems Manager parameters, see Systems Manager Parameter Store and Working with shared parameters in the AWS Systems Manager User Guide.

I couldn't find an example on how to reference it in Cloudformation

I tried

AWS::SSM::Parameter::Name
Default: <The SSM Shared ARN>
Topics
Management & Governance
Tags
AWS CloudFormationAWS Systems ManagerParameter Store
Language
English
aws-lmayorga
asked a month ago423 views
1 Answer
0

For SSM parameters shared by another AWS account, enter the full parameter ARN.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#aws-ssm-parameter-types

for example:

Resources:
  MyEC2Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      # Other EC2 properties...
      UserData:
        Fn::Base64:
          Fn::Sub: |
            #!/bin/bash
            echo "${MyParameter}"
Parameters:
  MyParameter:
    Description: SSM parameter value
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: 'arn:aws:ssm:REGION:SOURCE_ACCOUNT_ID:parameter/PARAMETER_NAME'
profile picture
EXPERT
Oleksii Bebych
answered a month ago
  • aws-lmayorga
    a month ago

    I tried the suggested approach but I am getting an error

    An error ocurred (Internal Failure) when calling the CreateChangeSet operation (reached max retries: 2) Unknown

    I did upgrade the AWS CLI to version 2.15. Also I was able to run aws ssm get-parameter --name <remote-parameter-arn> from the target account without any issues..

  • aws-lmayorga
    a month ago

    after running cfn-lint -t mytemplate.yml I got the following response

    W2506 Parameter LatestAmiId should be of type [AWS::EC2::Image::Id, AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>]

    Tried the approach and got the same results.

  • Oleksii Bebych EXPERT
    a month ago

    can you provide a full CF Template ?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content