aws · mergify · Jan 31, 2022 · Jan 28, 2022 · Jan 31, 2022
diff --git a/packages/@aws-cdk/core/lib/secret-value.ts b/packages/@aws-cdk/core/lib/secret-value.ts
@@ -71,8 +71,9 @@ export class SecretValue extends Intrinsic {
    * latest version of the parameter.
    */
   public static ssmSecure(parameterName: string, version?: string): SecretValue {
-    const parts = [parameterName, version ?? ''];
-    return this.cfnDynamicReference(new CfnDynamicReference(CfnDynamicReferenceService.SSM_SECURE, parts.join(':')));
+    return this.cfnDynamicReference(
+      new CfnDynamicReference(CfnDynamicReferenceService.SSM_SECURE,
+        version ? `${parameterName}:${version}` : parameterName));
   }
 
   /**

diff --git a/packages/@aws-cdk/core/test/secret-value.test.ts b/packages/@aws-cdk/core/test/secret-value.test.ts
@@ -127,7 +127,7 @@ describe('secret value', () => {
     const v = SecretValue.ssmSecure('param-name');
 
     // THEN
-    expect(stack.resolve(v)).toEqual('{{resolve:ssm-secure:param-name:}}');
+    expect(stack.resolve(v)).toEqual('{{resolve:ssm-secure:param-name}}');
   });
 
   test('cfnDynamicReference', () => {