Amazon Simple Systems Manager (SSM)

2019/08/26 - Amazon Simple Systems Manager (SSM) - 3 updated api methods

Changes  This feature adds "default tier" to the AWS Systems Manager Parameter Store for parameter creation and update. AWS customers can now set the "default tier" to one of the following values: Standard (default), Advanced or Intelligent-Tiering. This allows customers to create advanced parameters or parameters in corresponding tiers with one setting rather than code change to specify parameter tiers.

DescribeParameters (updated) Link ¶
Changes (response)
{'Parameters': {'Tier': ['Intelligent-Tiering']}}

Get information about a parameter.

Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.

See also: AWS API Documentation

Request Syntax

client.describe_parameters(
    Filters=[
        {
            'Key': 'Name'|'Type'|'KeyId',
            'Values': [
                'string',
            ]
        },
    ],
    ParameterFilters=[
        {
            'Key': 'string',
            'Option': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
type Filters

list

param Filters

One or more filters. Use a filter to return a more specific list of results.

  • (dict) --

    This data type is deprecated. Instead, use ParameterStringFilter .

    • Key (string) -- [REQUIRED]

      The name of the filter.

    • Values (list) -- [REQUIRED]

      The filter values.

      • (string) --

type ParameterFilters

list

param ParameterFilters

Filters to limit the request results.

  • (dict) --

    One or more filters. Use a filter to return a more specific list of results.

    Note

    The Name and Tier filter keys can't be used with the GetParametersByPath API action. Also, the Label filter key can't be used with the DescribeParameters API action.

    • Key (string) -- [REQUIRED]

      The name of the filter.

    • Option (string) --

      Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.

    • Values (list) --

      The value you want to search for.

      • (string) --

type MaxResults

integer

param MaxResults

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

type NextToken

string

param NextToken

The token for the next set of items to return. (You received this token from a previous call.)

rtype

dict

returns

Response Syntax

{
    'Parameters': [
        {
            'Name': 'string',
            'Type': 'String'|'StringList'|'SecureString',
            'KeyId': 'string',
            'LastModifiedDate': datetime(2015, 1, 1),
            'LastModifiedUser': 'string',
            'Description': 'string',
            'AllowedPattern': 'string',
            'Version': 123,
            'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
            'Policies': [
                {
                    'PolicyText': 'string',
                    'PolicyType': 'string',
                    'PolicyStatus': 'string'
                },
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Parameters (list) --

      Parameters returned by the request.

      • (dict) --

        Metadata includes information like the ARN of the last user and the date/time the parameter was last used.

        • Name (string) --

          The parameter name.

        • Type (string) --

          The type of parameter. Valid parameter types include the following: String, String list, Secure string.

        • KeyId (string) --

          The ID of the query key used for this parameter.

        • LastModifiedDate (datetime) --

          Date the parameter was last changed or updated.

        • LastModifiedUser (string) --

          Amazon Resource Name (ARN) of the AWS user who last changed the parameter.

        • Description (string) --

          Description of the parameter actions.

        • AllowedPattern (string) --

          A parameter name can include only the following letters and symbols.

          a-zA-Z0-9_.-

        • Version (integer) --

          The parameter version.

        • Tier (string) --

          The parameter tier.

        • Policies (list) --

          A list of policies associated with a parameter.

          • (dict) --

            One or more policies assigned to a parameter.

            • PolicyText (string) --

              The JSON text of the policy.

            • PolicyType (string) --

              The type of policy. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.

            • PolicyStatus (string) --

              The status of the policy. Policies report the following statuses: Pending (the policy has not been enforced or applied yet), Finished (the policy was applied), Failed (the policy was not applied), or InProgress (the policy is being applied now).

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

GetParameterHistory (updated) Link ¶
Changes (response)
{'Parameters': {'Tier': ['Intelligent-Tiering']}}

Query a list of all parameters used by the AWS account.

See also: AWS API Documentation

Request Syntax

client.get_parameter_history(
    Name='string',
    WithDecryption=True|False,
    MaxResults=123,
    NextToken='string'
)
type Name

string

param Name

[REQUIRED]

The name of a parameter you want to query.

type WithDecryption

boolean

param WithDecryption

Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.

type MaxResults

integer

param MaxResults

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

type NextToken

string

param NextToken

The token for the next set of items to return. (You received this token from a previous call.)

rtype

dict

returns

Response Syntax

{
    'Parameters': [
        {
            'Name': 'string',
            'Type': 'String'|'StringList'|'SecureString',
            'KeyId': 'string',
            'LastModifiedDate': datetime(2015, 1, 1),
            'LastModifiedUser': 'string',
            'Description': 'string',
            'Value': 'string',
            'AllowedPattern': 'string',
            'Version': 123,
            'Labels': [
                'string',
            ],
            'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
            'Policies': [
                {
                    'PolicyText': 'string',
                    'PolicyType': 'string',
                    'PolicyStatus': 'string'
                },
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • Parameters (list) --

      A list of parameters returned by the request.

      • (dict) --

        Information about parameter usage.

        • Name (string) --

          The name of the parameter.

        • Type (string) --

          The type of parameter used.

        • KeyId (string) --

          The ID of the query key used for this parameter.

        • LastModifiedDate (datetime) --

          Date the parameter was last changed or updated.

        • LastModifiedUser (string) --

          Amazon Resource Name (ARN) of the AWS user who last changed the parameter.

        • Description (string) --

          Information about the parameter.

        • Value (string) --

          The parameter value.

        • AllowedPattern (string) --

          Parameter names can include the following letters and symbols.

          a-zA-Z0-9_.-

        • Version (integer) --

          The parameter version.

        • Labels (list) --

          Labels assigned to the parameter version.

          • (string) --

        • Tier (string) --

          The parameter tier.

        • Policies (list) --

          Information about the policies assigned to a parameter.

          Working with Parameter Policies in the AWS Systems Manager User Guide .

          • (dict) --

            One or more policies assigned to a parameter.

            • PolicyText (string) --

              The JSON text of the policy.

            • PolicyType (string) --

              The type of policy. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.

            • PolicyStatus (string) --

              The status of the policy. Policies report the following statuses: Pending (the policy has not been enforced or applied yet), Finished (the policy was applied), Failed (the policy was not applied), or InProgress (the policy is being applied now).

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

PutParameter (updated) Link ¶
Changes (request)
{'Tier': ['Intelligent-Tiering']}

Add a parameter to the system.

See also: AWS API Documentation

Request Syntax

client.put_parameter(
    Name='string',
    Description='string',
    Value='string',
    Type='String'|'StringList'|'SecureString',
    KeyId='string',
    Overwrite=True|False,
    AllowedPattern='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    Tier='Standard'|'Advanced'|'Intelligent-Tiering',
    Policies='string'
)
type Name

string

param Name

[REQUIRED]

The fully qualified name of the parameter that you want to add to the system. The fully qualified name includes the complete hierarchy of the parameter path and name. For example: /Dev/DBServer/MySQL/db-string13

Naming Constraints:

  • Parameter names are case sensitive.

  • A parameter name must be unique within an AWS Region

  • A parameter name can't be prefixed with "aws" or "ssm" (case-insensitive).

  • Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-/

  • A parameter name can't include spaces.

  • Parameter hierarchies are limited to a maximum depth of fifteen levels.

For additional information about valid values for parameter names, see Requirements and Constraints for Parameter Names in the AWS Systems Manager User Guide .

Note

The maximum length constraint listed below includes capacity for additional system attributes that are not part of the name. The maximum length for the fully qualified parameter name is 1011 characters.

type Description

string

param Description

Information about the parameter that you want to add to the system. Optional but recommended.

Warning

Do not enter personally identifiable information in this field.

type Value

string

param Value

[REQUIRED]

The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.

type Type

string

param Type

[REQUIRED]

The type of parameter that you want to add to the system.

Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.

Note

SecureString is not currently supported for AWS CloudFormation templates or in the China Regions.

type KeyId

string

param KeyId

The KMS Key ID that you want to use to encrypt a parameter. Either the default AWS Key Management Service (AWS KMS) key automatically assigned to your AWS account or a custom key. Required for parameters that use the SecureString data type.

If you don't specify a key ID, the system uses the default key associated with your AWS account.

  • To use your default AWS KMS key, choose the SecureString data type, and do not specify the Key ID when you create the parameter. The system automatically populates Key ID with your default KMS key.

  • To use a custom KMS key, choose the SecureString data type with the Key ID parameter.

type Overwrite

boolean

param Overwrite

Overwrite an existing parameter. If not specified, will default to "false".

type AllowedPattern

string

param AllowedPattern

A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^d+$

type Tags

list

param Tags

Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key name/value pairs:

  • Key=Resource,Value=S3bucket

  • Key=OS,Value=Windows

  • Key=ParameterType,Value=LicenseKey

Note

To add tags to an existing Systems Manager parameter, use the AddTagsToResource action.

  • (dict) --

    Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines.

    • Key (string) -- [REQUIRED]

      The name of the tag.

    • Value (string) -- [REQUIRED]

      The value of the tag.

type Tier

string

param Tier

The parameter tier to assign to a parameter.

Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an AWS account. Standard parameters are offered at no additional cost.

Advanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an AWS account. Advanced parameters incur a charge. For more information, see About Advanced Parameters in the AWS Systems Manager User Guide .

You can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.

If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter.

Using the Default Tier Configuration

In PutParameter requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you do not specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration.

The default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default:

  • Advanced : With this option, Parameter Store evaluates all requests as advanced parameters.

  • Intelligent-Tiering : With this option, Parameter Store evaluates each request to determine if the parameter is standard or advanced. If the request doesn't include any options that require an advanced parameter, the parameter is created in the standard-parameter tier. If one or more options requiring an advanced parameter are included in the request, Parameter Store create a parameter in the advanced-parameter tier. This approach helps control your parameter-related costs by always creating standard parameters unless an advanced parameter is necessary.

Options that require an advanced parameter include the following:

  • The content size of the parameter is more than 4 KB.

  • The parameter uses a parameter policy.

  • More than 10,000 parameters already exist in your AWS account in the current Region.

For more information about configuring the default tier option, see Specifying a Default Parameter Tier in the AWS Systems Manager User Guide.

type Policies

string

param Policies

One or more policies to apply to a parameter. This action takes a JSON array. Parameter Store supports the following policy types:

Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter does not affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.

ExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.

NoChangeNotification: This policy triggers a CloudWatch event if a parameter has not been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it has not been changed.

All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Working with Parameter Policies .

rtype

dict

returns

Response Syntax

{
    'Version': 123
}

Response Structure

  • (dict) --

    • Version (integer) --

      The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API actions or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.