Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(ssm): support cross-account sharing #30646

Merged
merged 15 commits into from
Aug 19, 2024
Merged

feat(ssm): support cross-account sharing #30646

Changes from 2 commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
0726836
support cross-account sharing
pahud Jun 24, 2024
bb0f354
rephrase the doc string
pahud Jun 24, 2024
ba6a00f
add fromStringParameterArn
pahud Jul 2, 2024
a825d7e
add unit tests
pahud Jul 2, 2024
8bd1129
update README
pahud Jul 2, 2024
e887afe
add doc string for fromStringParameterArn
pahud Jul 2, 2024
0823962
add integ test
pahud Jul 3, 2024
8091245
minor doc fix
pahud Jul 3, 2024
7f0d370
update integ test
pahud Jul 3, 2024
683f143
Merge branch 'main' into pahud/aws-ssm-stringlistparameter-29292
pahud Jul 3, 2024
88d875d
minor
pahud Jul 3, 2024
5527013
add more validations
pahud Jul 4, 2024
9558a4d
update readme
pahud Jul 4, 2024
1548fa3
add annotation
pahud Aug 17, 2024
5c3359c
Merge branch 'main' into pahud/aws-ssm-stringlistparameter-29292
shikha372 Aug 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 34 additions & 0 deletions packages/aws-cdk-lib/aws-ssm/lib/parameter.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -397,6 +397,20 @@ export interface StringParameterAttributes extends CommonStringParameterAttribut
* @default false
*/
readonly forceDynamicReference?: boolean;

/**
* Specifies the AWS account that is sharing the SSM parameter with the current deploying account.
*
* When this property is set, the following must occur:
* 1. The sharing account must create an AWS RAM ResourceShare that shares the parameter.
* 2. The current account must accept the invitation to the resource share.
*
* Setting this property implies that a `CfnParameter` must be used, and `forceDynamicReference` cannot be enabled.
* This is because CloudFormation dynamic references do not support cross-account parameter sharing.
*
* @default - The parameter is not being shared from a different AWS account.
*/
readonly sharingAccount?: string;
}

/**
Expand Down Expand Up @@ -481,8 +495,28 @@ export class StringParameter extends ParameterBase implements IStringParameter {

const type = attrs.type ?? attrs.valueType ?? ParameterValueType.STRING;
const forceDynamicReference = attrs.forceDynamicReference ?? false;
const sharingAccount = attrs.sharingAccount;

let stringValue: string;
// if sharingAccount specified, we just build a CfnParameter with the sharing parameter arn as its default value
if (sharingAccount) {
const sharingParameterArn = Stack.of(scope).formatArn({
service: 'ssm',
account: attrs.sharingAccount,
resource: 'parameter',
resourceName: attrs.parameterName,
});
if (forceDynamicReference) {
throw new Error('forceDynamicReference cannot be enabled when sharingAccount is specified');
}
if (Token.isUnresolved(attrs.parameterName) && Fn._isFnBase(Tokenization.reverseString(attrs.parameterName).firstToken)) {
// the default value of a CfnParameter can only contain strings, so we cannot use it when a parameter name contains tokens.
throw new Error('parameter name cannot contain tokens with sharingAccount');
} else {
stringValue = new CfnParameter(scope, `${id}.Parameter`, { type: `AWS::SSM::Parameter::Value<${type}>`, default: sharingParameterArn }).valueAsString;
}
} else
// not from a sharing account
if (attrs.version) {
stringValue = new CfnDynamicReference(CfnDynamicReferenceService.SSM, `${attrs.parameterName}:${Tokenization.stringifyNumber(attrs.version)}`).toString();
} else if (forceDynamicReference) {
Expand Down
Loading