⚡️ serverless-ssm-publish
Publish custom data to AWS SSM Parameter Store from serverless.yaml or Cloud Formation Output
Install
- Install with your choice of npm/yarn
npm install serverless-ssm-publish --save-dev
yarn add serverless-ssm-publish --save-dev
- Add the plugin to your
plugins
section in the serverless.yaml
plugins: - serverless-ssm-publish
Usage
During deployment
Add any params you want published to SSM to your serverless.yaml custom section.
You can use source
to give the name of a Cloud Formation Output value you want published to SSM.
Ssm publish compares existing values and will only write if no value exists/ the value has changed.
resources: Outputs: ExampleStaticValue: Value: example-static-value Export: Name: 'service-staticValue' Description: initial description custom: secretToken: ${opt:secretToken} vpc: securityGroupIds: ['sg-nnnnnnnnnnnnn','sg-mmmmmmmmmm'] someConfiguration: foo: bar baz: 1 more: - stuff - here ssmPublish: enabled: true # Needs to be set to true params: # simple usage, `value` is a string - path: /global/tokens/secretToken value: ${self:custom.secretToken} description: Super Secret Token # description is optional secure: true # defaults to true enabeld: false # defaults to true, allows granular control over publishing params # `value` can be an object; it is serialized to YAML before upload to SSM - path: /global/tokens/secretToken value: ${self:custom.someConfiguration} # `source` can be used as an alternative to `value`. If `source` is given, ssmPublish will retrieve # the matching value from the service's CloudFormation Stack Outputs - path: /service/config/storageBucket source: ExampleStaticValue secure: false - path: /infrastructure/config/vpc/securityGroupIds value: ${self:custom.vpc.securityGroupIds} description: System VPC Security Group Ids type: StringList
From the CLI
You can also call the plugin directly in order to update SSM params without running deployment/packaging.
sls ssmPublish