Questions tagged with Parameter Store


Hi Team, I am calling the credentials from SSM Parameter Store to log in to a database from an ECS cluster. I have attached SSM full access to the Job execution role, but even so it is failing:

`botocore.exceptions.NoCredentialsError: Unable to locate credentials`

Any suggestions for this issue?

0 answers, 0 votes, 10 views, asked 8 days ago
I created a SecureString parameter in AWS Systems Manager Parameter Store. It uses the default KMS key for encryption/decryption. I also created an association in State Manager to run "AWS-RunPowerShellScript" using the command "Net.exe user administrator {{ssh:<name of my parameter>}}" to have State Manager update the password across all of my associated Windows EC2 instances. However, the update only works when I reference a String parameter but does NOT work when I reference a SecureString parameter. Any ideas why I can't reference a SecureString parameter? How do I reference a SecureString parameter in this State Manager association?
1 answer, 0 votes, 31 views, asked 18 days ago
I guess this is more a suggestion than a question, but I'd love to hear the opinion of other users. Using layers we can integrate Parameter Store (or Secrets Manager) with Lambda, which is extremely useful since values are cached etc. However, I was thinking, wouldn't it be more efficient to simply "push" values from Parameter Store to Lambda metadata (i.e. to env variables, which anyways are encrypted at rest)? In that way we could control everything centrally from Secrets Manager, no need for Lambda extensions: Parameter Store would keep a list of "subscribed" Lambda functions and propagate changes whenever they occur, information would be then retrieved locally from the Lambda function, no API calls, etc.

1 answer, 0 votes, 52 views, FAgosti asked 2 months ago
I have been trying to use the AWS Parameters and Secrets Lambda Extension to access parameters from the parameter store using this guide: https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html

The problem is that if I try to access the parameter store (which runs on http://localhost:2773) as soon as the lambda starts up, then I get a 400 `BadRequestException` error from the parameter store with the message `not ready to serve traffic, please wait`.

If I add a delay of 100ms before accessing the parameter store then it works fine and successfully fetches the parameters. The 100ms delay is a blocker for using it in any production environment. Is there a way to use the extension without introducing any wait times for initialization? Thanks

0 answers, 0 votes, 68 views, Sameer asked 2 months ago
I am attempting to access system parameters from a Lambda developed using C#.

I have added the required lambda layer as per https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html#ps-integration-lambda-extensions-sample-commands

The lambda execution role has the following in the IAM definition (???????? replacing actual account id):

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ssm:*"
      ],
      "Resource": "arn:aws:ssm:*:???????????:parameter/*"
    }
  ]
}
```

As per the AWS page referenced above, I made an HTTP GET request to

http://localhost:2773/systemsmanager/parameters/get/?name=/ClinMod/SyncfusionKey&version=1

This is failing with the following response:

```
{
  "Version": "1.1",
  "Content": {
    "Headers": [
      { "Key": "Content-Type", "Value": [ "text/plain" ] },
      { "Key": "Content-Length", "Value": [ "31" ] }
    ]
  },
  "StatusCode": 401,
  "ReasonPhrase": "Unauthorized",
  "Headers": [
    { "Key": "X-Amzn-Errortype", "Value": [ "AccessDeniedException" ] },
    { "Key": "Date", "Value": [ "Thu, 01 Dec 2022 12:16:59 GMT" ] }
  ],
  "TrailingHeaders": [],
  "RequestMessage": {
    "Version": "1.1",
    "VersionPolicy": 0,
    "Content": null,
    "Method": { "Method": "GET" },
    "RequestUri": "http://localhost:2773/systemsmanager/parameters/get/?name=/ClinMod/SyncfusionKey&version=1",
    "Headers": [],
    "Properties": {},
    "Options": {}
  },
  "IsSuccessStatusCode": false
}
```

Any clues where I am going wrong?

2 answers, 0 votes, 57 views, asked 2 months ago
The [AWS documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html#sample-commands-ps) for the Parameters and Secrets Lambda Extension states:

```
To make a call using the Amazon Resource Name (ARN) for a parameter, make an HTTP GET call similar to the following.

GET http://localhost:port/systemsmanager/parameters/get?name=arn:aws:ssm:us-east-1:123456789012:parameter/MyParameter
```

however these requests return a 400 stating the parameter name is invalid. Here's a quick example to demonstrate the successful request using the parameter name, and the failed request using the parameter ARN:

```py
import json
import os
from botocore.vendored import requests

def lambda_handler(event, context):
    # Same parameter, referenced once by name and once by full ARN
    name_url = 'http://localhost:2773/systemsmanager/parameters/get?name=test-param'
    arn_url = 'http://localhost:2773/systemsmanager/parameters/get?name=arn:aws:ssm:us-east-2:{ACCOUNT_ID}:parameter/test-param'
    # The extension authenticates local callers with the function's session token
    headers = {'X-Aws-Parameters-Secrets-Token': os.environ['AWS_SESSION_TOKEN']}

    name_resp = requests.get(name_url, headers=headers)
    print(f'NAME RESPONSE: {name_resp.status_code} > {name_resp.text}')

    arn_resp = requests.get(arn_url, headers=headers)
    print(f'ARN RESPONSE: {arn_resp.status_code} > {arn_resp.text}')
```

and the output:

```
NAME RESPONSE: 200 > {"Parameter":{"ARN":"arn:aws:ssm:us-east-2:{ACCOUNT_ID}:parameter/test-param","DataType":"text","LastModifiedDate":"2022-11-26T02:25:14.669Z","Name":"test-param","Selector":null,"SourceResult":null,"Type":"SecureString","Value":"AQICAH....=","Version":2},"ResultMetadata":{}}
ARN RESPONSE: 400 > an unexpected error occurred while executing request
[AWS Parameters and Secrets Lambda Extension] 2022/11/26 18:09:36 ERROR GetParameter request encountered an error: operation error SSM: GetParameter, https response error StatusCode: 400, RequestID: {REQUEST_ID}, api error ValidationException: Invalid parameter name.
Please use correct syntax for referencing a version/label <name>:<version/label>
```

The docs also state:

```
When using GET calls, parameter values must be encoded for HTTP to preserve special characters.
```

however the error still occurs whether the ARN colons and/or slash are URL-encoded or not, like so:

```
http://localhost:2773/systemsmanager/parameters/get?name=arn%3Aaws%3Assm%3Aus-east-2%3A{ACCOUNT_ID}%3Aparameter/test-param
http://localhost:2773/systemsmanager/parameters/get?name=arn%3Aaws%3Assm%3Aus-east-2%3A{ACCOUNT_ID}%3Aparameter%2Ftest-param
```

Am I missing something here or is the documentation incorrect in that an ARN can be used for these requests?

0 answers, 0 votes, 102 views, andy asked 2 months ago
Hey, we tried to use the AWS-Parameters-and-Secrets-Lambda-Extension to get some parameters within our Lambda Function. Unfortunately the code of the layer throws an error. As far as I can tell from the outside, it looks like a race condition error. It mostly happens after the function got deployed and runs for the first time, or when it comes back from a cold start.

I do not know if this is the right place to report it, but here are some details. Let me know if there is a Repo where I can create an Issue.

Environment: Lambda, `arm64`, `Node.js 16.x`

Layer: `arn:aws:lambda:eu-west-1:015030872274:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:2`

Error:

```
fatal error: concurrent map read and map write

goroutine 8 [running]:
golang.a2z.com/GoAmzn-SSMParameterStoreLambdaExtension/cache.(*Cache).Add(0x40001a6140, {0x31f0e0?, 0x400001f990}, {0x36e2c0?, 0x4000484900}, 0x6a3780?)
	/local/p4clients/pkgbuild-6j8da/workspace/src/GoAmzn-SSMParameterStoreLambdaExtension/cache/cache.go:69 +0x114
golang.a2z.com/GoAmzn-SSMParameterStoreLambdaExtension/parameters.(*Retriever).Get(0x40001b4280, 0x40001e1b90)
	/local/p4clients/pkgbuild-6j8da/workspace/src/GoAmzn-SSMParameterStoreLambdaExtension/parameters/retriever.go:107 +0x84c
...
	/opt/brazil-pkg-cache/packages/GoLang/GoLang-1.x.89619.0/AL2_x86_64/DEV.STD.PTHREAD/build/lib/src/net/http/transport.go:1752 +0x1234
```

The stack trace is very long, so I skipped a lot in between (`...`). If anyone needs it, please ask.

0 answers, 0 votes, 35 views, asked 3 months ago
What is the difference between extensions and powertools when fetching in cache from parameter store? In the first place, is the mechanism of the cache function different?

I want to use cache for reading from parameter store in my lambda and I am comparing below two features.

- [Parameter Store parameters in AWS Lambda functions](https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html)
- [AWS Lambda Powertools for Python Parameters](https://awslabs.github.io/aws-lambda-powertools-python/2.0.0/utilities/parameters/)

Please tell us about the main points of comparison.

## Supplementary information

- Runtime is python
- I think there is a difference that the TTL setting can be specified for each key or for the entire lambda process

0 answers, 0 votes, 19 views, ks asked 3 months ago
Hi all, this is my first post here after reading a lot of articles and the official AWS EB documentation. I spent a couple of days trying to find a solution, but I did not find it, for now :).

I have an EB environment and due to the 4095Kb limitation (a shame), I have to get the environment variables from the **Parameter Store**.

I've created two bash scripts (thanks to a [few articles I read](https://www.fullstackerconsulting.com/2021/09/09/how-can-i-use-the-aws-systems-manager-parameter-store-with-an-aws-elastic-beanstalk-instance-to-manage-environment-variables)), to get these parameters and "inject" them to the /opt/elasticbeanstalk/deployment/env file.

These two scripts have the same code, and I added them to /**hooks**/**postdeploy** and to **confighooks**/**postdeploy**. Everything seems to work fine, because the parameters from the **Parameter Store** are injected correctly to the env file, but... the variables are not accessible in my PHP code.

The "funny" thing is that if I add the same variable to the Elastic Beanstalk **configuration->software** UI, the variable is duplicated in the env file and in the "**cfn-metadata-cache.json**", but if I remove it again from the EB UI (configuration->software) the variable disappears, voila! (it does not matter if it still exists in the parameter store)

Is this an EB bug? I really would like to be able to add all my environment variables to the Parameter Store, any ideas?

Thanks in advance

Note: I added more details in this post I have created in StackOverflow: https://stackoverflow.com/questions/74258162/elastic-benstalk-environment-variables

0 answers, 0 votes, 19 views, asked 3 months ago
By adding a specific value in Parameter Store in AWS Systems Manager, is there any way to add the below EC2 basic monitoring metrics?

**CPUUtilization, StatusCheckFailed, StatusCheckFailed_Instance, StatusCheckFailed_System, NetworkIn, NetworkOut, NetworkPacketsIn, NetworkPacketsOut, EBSReadBytes, EBSReadOps, EBSWriteBytes, EBSWriteOps**

```
{
  "agent": {
    "metrics_collection_interval": 60,
    "region": "ap-northeast-2",
    "run_as_user": "root"
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/syslog",
            "log_group_name": "DevSystemLogs",
            "log_stream_name": "syslog"
          },
          {
            "file_path": "/var/log/auth.log",
            "log_group_name": "DevSystemLogs",
            "log_stream_name": "authlog"
          },
          {
            "file_path": "/var/log/cmdlog.log",
            "log_group_name": "DevSystemLogs",
            "log_stream_name": "cmdlog"
          }
        ]
      }
    }
  },
  "metrics": {
    "namespace": "Dev/custom",
    "append_dimensions": {
      "ImageID": "${aws:ImageId}",
      "InstanceId": "${aws:InstanceId}",
      "InstanceType": "${aws:InstanceType}",
      "AutoScalingGroupName": "${aws:AutoScalingGroupName}"
    },
    "metrics_collected": {
      "cpu": {
        "resources": [ "*" ],
        "measurement": [ ],
        "totalcpu": true,
        "metrics_collection_interval": 10,
        "append_dimensions": {
          "osw_test5": "osw_test5"
        }
      },
      "disk": {
        "measurement": [ "used_percent" ],
        "metrics_collection_interval": 60,
        "resources": [ "*" ]
      },
      "mem": {
        "measurement": [ "mem_used_percent" ],
        "metrics_collection_interval": 60
      }
    }
  }
}
```

I would like to see the above metrics when I click All metrics in CloudWatch and click Custom Namespace.

1 answer, 0 votes, 50 views, asked 3 months ago
We have an ECS cluster in us-west-2 that runs a few ECS services. We run some ECS tasks that are invoked periodically via EventBridge. All tasks use the EC2 launch type and run on container instances that we manage with an Auto Scaling Group. AMI used currently is amzn2-ami-ecs-hvm-2.0.20220630-x86_64-ebs. Container instances are launched in private subnets and VPC endpoints are set up for a few AWS services, including SSM.

A few months ago we started seeing missed checkins from the periodically launched tasks and saw that at least some of them failed to launch due to a timeout from the SSM API endpoint. In ecs-agent's log, it shows up like:

> level=error time=2022-09-19T22:30:56Z msg="Failed to create task resource" error="fetching secret data from SSM Parameter Store in us-west-2: RequestError: send request failed\ncaused by: Post \"https://ssm.us-west-2.amazonaws.com/\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" task="..." resource="ssmsecret"

> level=info time=2022-09-19T22:30:56Z msg="Setting terminal reason for task" reason="fetching secret data from SSM Parameter Store in us-west-2: Request Error: send request failed\ncaused by: Post \"https://ssm.us-west-2.amazonaws.com/\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)" task="..."

We tried increasing the throughput of SSM Parameter Store through its settings, but it didn't seem to have an effect. https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-throughput.html

Other guides and Q&As I could find were about network misconfigurations that would lead to a complete inability to talk to SSM, whereas the symptom I'm seeing is only intermittent; the ECS tasks get launched without an issue most of the time. https://aws.amazon.com/premiumsupport/knowledge-center/ssm-tcp-timeout-error/

What could be the cause? What else can I look into?

0 answers, 0 votes, 33 views, asked 4 months ago
I'm currently working on a Java project that will be deployed to Elastic Beanstalk, storing all the sensitive properties in Parameter Store. My problem is I need to restart the App server on Elastic Beanstalk after the deployment to get those parameters to work. I need that to be automatically picked up or automatically restart the app server.

Example: I need to store db access details in Parameter Store and make them available in environment properties in Elastic Beanstalk, and I have done that by adding a bash script file in the .platform folder to get the parameters and add them to the env file /opt/elasticbeanstalk/deployment/env

![Enter image description here](/media/postImages/original/IM9nY14CVuRE-aFek6wnWL7Q)

Referenced link: https://www.fullstackerconsulting.com/2021/09/09/how-can-i-use-the-aws-systems-manager-parameter-store-with-an-aws-elastic-beanstalk-instance-to-manage-environment-variables/

AWS: https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/platforms-linux-extend.html

For the demo App, I'm using Java to get the properties through `System.getenv("dbusername");`

The scripts are running and I'm able to access the Parameter Store properties, but the problem is I need to restart the App server on Elastic Beanstalk for these properties to work.

Can someone please suggest how I can run the App server automatically once the application deployment is done? Let me know if you need any further information related to my issue.

0 answers, 0 votes, 23 views, asked 5 months ago