I'm using
GitBash v2.17.0
AWS CLI v1.16.67
Windows 10
Problem
I've created a SecureString parameter in the AWS SSM Parameter Store. For sake of example, let's call the parameter
/levelOne/levelTwo
I'm trying to retrieve the parameter using the AWS CLI. To do this I am using the following command:
aws ssm get-parameters --names '/levelOne/LevelTwo' --with-decryption
The problem is that the result returned is this:
As you can see, the parameter is being prefixed with C:/Program Files/Git.
Can anyone explain what I have done wrong please?
Thanks
This is caused by POSIX path conversion in MinGW.
You can work around this by substituting // for the leading /, and then replacing the subsequent forward slashes with backslashes, e.g.
aws ssm get-parameters --names '//levelOne\levelTwo'
This command will only run correctly in MinGW, i.e. it will fail in Bash or Windows CMD.
I faced the same issue.
Check the region selected while you create the parameter store from the console.
The reason for this is that Aws-ssm is regional service.
aws ssm get-parameters --names "/levelOne/LevelTwo" --region us-west-1 --with-decryption
i got it working by adding a space in front of the names parameter value. To get it working os independent.
aws ssm get-parameters --names " /levelOne/LevelTwo" --with-decryption
Related
I have a few versions of a SecureString value in AWS Parameter Store. When the following command is invoked locally:
aws ssm get-parameter --with-decryption --name "/my/secret/path" --output text --query Parameter.Value
I get the latest version of the parameter. However, when this is enacted via a GitHub runner, it is only ever getting version 1 of the parameter. When I attempt to specify the version:
aws ssm get-parameter --with-decryption --name "/my/secret/path:4" --output text --query Parameter.Value
I get a message back saying that version 4 of the parameter doesn't exist, although the query does execute when run locally.
I have tried running it with Parameter.Version without the version number specified to confirm and have confirmed when I run it locally, version 4 comes back, but when the runner executes it, version 1 comes back.
AWS CLI 2.8.6 is being used both locally and on the Runner. The documentation says that this should be returning the latest version when no version is specified
Has anyone experienced this before and are there any tricks to getting this to work?
Much appreciation to Marcin above who very quickly pointed out that there may be a difference in accounts coming into effect. The secret had been updated in one but not the other, and the identical naming was throwing the investigation off. I was able to resolve this by updating the secret in both the account that the local environment and the GitHub environment were using.
I am new to AWS. I am working on integrating SSM parameters to store database passwords and use the same at the time of cloud formation.
We observed a issue with SSM Parameters value having special characters at the beginning of the string.
For example, if the password is Test#123, its working fine. But if the password is #Test!123 then it’s not working.
Is there any work around for the same.
Alright, I think I found the solution to my problem. I have a password like this "complicated!word+=!here!help+", and this is how I am able to escape it:
aws ssm put-parameter --name /config/my-api_alpha/my-db.jdbc.password --value “complicated\!word+=\!here\!help+” --type SecureString --key-id arn:aws:kms:us-east-1:1234567890:key/this-is-a-kms-keyId
The double quotes are optional; this produces the same result:
aws ssm put-parameter --name /config/my-api_alpha/my-db.jdbc.password --value complicated\!word+=\!here\!help+ --type SecureString --key-id arn:aws:kms:us-east-1:1234567890:key/this-is-a-kms-keyId
I resolved this by enclosing the password beginning with special characters in double quotes. For example
#Test!123
I am working on AWS, where we have instances running SSM client. For automation, I am passing certain commands to these instances time-to-time. Currently, I have them setup with instance-id. This is proving inflexible for us, since any change to instance-id, will force me to update repository-code, and it's a hardcoded value.
How can I replace instance-id with tag:Name or similar.
Current code :
aws ssm send-command --instance-ids 'i-12434546' --region 'eu-central-1' --document-name 'AWS-RunShellScript' --comment 'Restart Pod' --parameters commands='sudo -u ubuntu kubectl rollout restart deployment.v1.apps/supplier-service-deployment' --output text
I want to replace
--instance-ids 'i-12434546'
With tag:Name. Any help would be nice. Thank you. :-)
The answer to your question is provided directly on the documentation page (https://docs.aws.amazon.com/cli/latest/reference/ssm/send-command.html)
To target a larger number of instances, or if you prefer not to list individual instance IDs, we recommend using the Targets option instead. Using Targets , which accepts tag key-value pairs to identify the instances to send commands to, you can a send command to tens, hundreds, or thousands of instances at once.
You can use --targets option instead of --instance-ids:
aws ssm send-command \
--targets Key=tag:tag-name,Values=tag-value \
[...]
How do I list all parameters in the AWS Systems Manager (SSM) Parameter Store? I am using the AWS CLI.
I can store them with aws ssm put-parameter. I can fetch them with aws ssm get-parameter. I can list all documents with aws ssm list-documents, but I do not see a corresponding list-parameters function.
I think what you want is
aws ssm describe-parameters
docs
You are looking for describe-parameters.
If you need to list parameters' name and know the path you could use the following:
aws ssm get-parameters-by-path \
--path "/my-common-path" \
--recursive \
--query "Parameters[*].Name"
Alright, so I'm trying to programmatically store my Serverless generated API endpoint in parameter store for another project to ingest.
Just for an example, I'm going to try to store google.com.
aws ssm put-parameter --name /dev/someStore --value https://google.com --type String
This fails, understandably so.
Error parsing parameter '--value': Unable to retrieve https://google.com: received non 200 status code of 301
However, if I wrap the URL in quotes...
aws ssm put-parameter --name /dev/someStore --value "https://google.com" --type String
It still fails with the same error. Is there any way to stop the cli from trying to evaluate the URL and just save the goddamn string?
This is happening because of a questionable behavior by awscli v1. When it sees a URL, it invokes an HTTP GET for a result. This does not happen in awscli v2.
You can work around this behavior as follows:
aws ssm put-parameter --cli-input-json '{
"Name": "/dev/someStore",
"Value": "https://google.com",
"Type": "String"
}'
Or you can store the JSON in a file named params.json and invoke:
aws ssm put-parameter --cli-input-json file://params.json
The underlying issue was reported at aws/aws-cli/issues/2507.
By default AWS CLI follows any string parameters that start with https:// or http://. These URLs are fetched, and the downloaded content is used as the parameter instead of URL.
To make CLI not treat strings prefixed with https:// or http:// any differently than normal string parameters run:
aws configure set cli_follow_urlparam false
cli_follow_urlparam controls whether or not the CLI will attempt to follow URL links in parameters that start with either prefix https:// or http://.
See https://docs.aws.amazon.com/cli/latest/topic/config-vars.html
Problem:
aws ssm put-parameter --name /config/application/some-url --value http://google.com --type String --region eu-central-1 --overwrite
Error parsing parameter '--value': Unable to retrieve http://google.com: received non 200 status code of 301
Solution:
aws configure set cli_follow_urlparam false
aws ssm put-parameter --name /config/application/some-url --value http://google.com --type String --region eu-central-1 --overwrite
{
"Version": 1
}
The GitHub discussion on this topic, linked by #jarmod, also had another solution for this. I'll replicate it here for others to avoid scanning through the whole thread.
Add the following to your ~/.aws/config along with any other settings present.
[default]
cli_follow_urlparam = false
P.S. Seems that it is also mentioned in the AWS documentation under "Loading Parameters from a File" section.
Another option to make this work is to not include the https protocol in the value and just the domain name or the path. After retrieval add the protocol appropriate. some times we wanted to use https or http or even ssh. Take git url for example. Multiple protocols for accessing the resource with appropriate ports where the path is the required value
To complement #jarmod answers, here is an example showing
how one can deal with Overwrite file, url in bash variable and making the json multi-line string.
URL='https://www.some.url.com'
json_params='{'
json_params+='"Name": "/param/path",'
json_params+='"Value": "'${URL}'",'
json_params+='"Type": "String",'
json_params+='"Overwrite": true'
json_params+='}'
aws ssm put-parameter \
--cli-input-json "${json_params}"