Create a way to ensure a file in a linux filesystem is always matching a parameter value in parameter store.


I am managing a set of instances in AWS Systems Manager (SSM), which are logically grouped into development, beta, and production environments. For each environment, I've created an SSM document that fetches a specific parameter value and writes it to a defined path on the respective instances' filesystems. My objective is to ensure that the file created on these instances is always in sync with the current parameter value. Specifically, I want a system that automatically updates the file whenever the parameter value changes, or alternatively, checks periodically for changes and updates the file if necessary. Currently, I'm considering adding this process to an after-install hook in AWS CodeDeploy. However, I'm also exploring the possibility of creating SSM State Manager associations for this purpose. Additionally, I've been looking into AWS AppConfig as a potential solution, but I'm not sure if or how it could be used for this particular use case.

What would be the recommended approach to ensure that these files are always up-to-date with their corresponding parameter values? Does a specific AWS service, feature or combination that may be best suited for this task come to mind?

1 Answer

I think this is what you are looking for: Setting up notifications or trigger actions based on Parameter Store events.

Another solution is to simply use Cron on the instances to check the parameter store value periodically.

You can use AWS Config and Systems Manager to monitor the inventory on the instance. See:

I have not personally set this up for instances but it is the closest thing I could find.

AWS
EXPERT
kentrad
answered 9 months ago
  • Parameter Store event-based triggers seem the way to go here indeed, and as OP mentions, they could also do the check on SSM to assure compliance and/or trigger the same action in case of a non-compliant resource.

  • Thank you for your suggestions. I can see how setting up notifications or trigger actions based on Parameter Store events, or using cron jobs to check the parameter store value periodically, could be useful for ensuring the parameter value is correctly propagated to the file on the instances.

    However, my primary concern is not changes to the parameter value itself, but changes to the file on the instances' filesystems. Specifically, I want to be notified if the file is modified or deleted, and have a mechanism in place to automatically restore the file to its intended state.

    I am aware that I could potentially use a Linux package, like audit, to monitor the file, but ideally, I would like to achieve this through an AWS service, if possible. This way, the monitoring and remediation process would be managed entirely through AWS, rather than having a separate mechanism on the instance itself.

    Is there an AWS service or feature that could monitor a specific file on an EC2 instance and trigger a specified action if the file is modified or deleted?
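The following script is an added example, not code from the original question or answer. It covers both threads above: the answer's suggestion of a periodic check (cron, or a State Manager association running AWS-RunShellScript, or a Run Command invocation triggered from an EventBridge rule on a Parameter Store Change event), and the follow-up concern that the file itself may be modified or deleted on the instance. It compares the SHA-256 of the file with the SHA-256 of the value as it would be written, restores the file through a temp-file-and-rename so readers never see a partial write, and in check mode exits non-zero on drift so a State Manager association run is marked Failed and shows as non-compliant. The parameter name /myapp/prod/app.conf, the target path /etc/myapp/app.conf and the file mode 0640 are hypothetical placeholders; the fetch relies on the AWS CLI and an instance role allowed ssm:GetParameter (plus kms:Decrypt for a SecureString).

```shell
#!/bin/sh
# Added example (not from the original post): keep a file on a Linux instance in
# sync with an SSM Parameter Store value and detect/restore drift in that file.
# Hypothetical names: parameter /myapp/prod/app.conf, target /etc/myapp/app.conf.
set -u

PARAM_NAME="${PARAM_NAME:-/myapp/prod/app.conf}"
TARGET="${TARGET:-/etc/myapp/app.conf}"

# Fetch the current value with the AWS CLI (needs network and an instance role
# with ssm:GetParameter; kms:Decrypt as well for a SecureString parameter).
fetch_param() {
    aws ssm get-parameter --name "$1" --with-decryption \
        --query 'Parameter.Value' --output text
}

# SHA-256 of stdin: coreutils sha256sum on Linux, shasum as a fallback.
hash_stdin() {
    { if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi; } \
        | cut -d' ' -f1
}

# Hash of the value exactly as sync_file writes it (with a trailing newline).
value_hash() { printf '%s\n' "$1" | hash_stdin; }

# Hash of the file, or the word "missing" if it does not exist.
file_hash() { if [ -f "$1" ]; then hash_stdin < "$1"; else echo missing; fi; }

# check_file FILE VALUE: prints in-sync | missing | modified.
# Returns 0 only when in sync, so a State Manager association running
# "check" fails (and is reported non-compliant) whenever the file drifted.
check_file() {
    fh=$(file_hash "$1")
    if [ "$fh" = missing ]; then echo missing; return 1; fi
    if [ "$fh" = "$(value_hash "$2")" ]; then echo in-sync; return 0; fi
    echo modified
    return 1
}

# sync_file FILE VALUE: restore FILE to VALUE when it is missing or modified.
# The content is written to a temp file in the same directory and renamed into
# place, so a reader never observes a half-written file. Prints in-sync or
# restored:<reason>; always returns 0 because the drift has been remediated.
sync_file() {
    if state=$(check_file "$1" "$2"); then echo in-sync; return 0; fi
    dir=$(dirname "$1")
    mkdir -p "$dir"
    tmp=$(mktemp "$dir/.app.conf.XXXXXX")
    printf '%s\n' "$2" > "$tmp"
    chmod 0640 "$tmp"          # hypothetical mode; pick what the consumer needs
    mv -f "$tmp" "$1"
    echo "restored:$state"
}

# Entry points for cron / State Manager / Run Command:
#   sync_param.sh sync    restore the file if it drifted, exit 0
#   sync_param.sh check   report only; non-zero exit on drift
case "${1:-}" in
    sync)  sync_file  "$TARGET" "$(fetch_param "$PARAM_NAME")" ;;
    check) check_file "$TARGET" "$(fetch_param "$PARAM_NAME")" ;;
esac
```

A cron line such as `*/5 * * * * /usr/local/bin/sync_param.sh sync` gives the periodic variant from the answer; the same command in an AWS-RunShellScript association gives the State Manager variant, with `check` instead of `sync` if the goal is to surface drift as non-compliance rather than silently repair it. The script restores content only; it does not log who changed the file, so auditd (or a comparable host agent) is still the tool for attributing a modification.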
