CloudFormation – 5 – Parameters

Parameters from SSM

Consider such a yaml template:

# this will pickup the latest value of the parameter every time the template is run
# the parameter value must be the Key for that Parameter. Then CFN will retrieve the value
# this does not support SecureString SSM Parameter types
Parameters:
  InstanceType:
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: /EC2/InstanceType

  ImageId: 
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: /EC2/AMI_ID

Resources:
  # this instance will be automatically updated 
  # when we change the parameter in SSM ourselves
  # and then run the CloudFormation template
  MyInstanceWithParameters:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType

# this will pickup the latest value of the parameter every time the template is run

# the parameter value must be the Key for that Parameter. Then CFN will retrieve the value

# this does not support SecureString SSM Parameter types

Parameters:

InstanceType:

Type: 'AWS::SSM::Parameter::Value<String>'

Default: /EC2/InstanceType

ImageId:

Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'

Default: /EC2/AMI_ID

Resources:

# this instance will be automatically updated

# when we change the parameter in SSM ourselves

# and then run the CloudFormation template

MyInstanceWithParameters:

Type: AWS::EC2::Instance

Properties:

ImageId: !Ref ImageId

InstanceType: !Ref InstanceType

Now let’s create the parameteres in SSM:

AWS Systems Manager -> Parameter Store -> Create parameter

Now go and create the second parameter. First copy the AMI Id.

And create parameter:

Create ->

And now go and create the stack

Next ->

The stack is being created. On the parameteres tab we see used parameteres and the values:

When we go to the created EC2 instance we see that instance type and the AMI is which was selected:

Now let’s change the value of an AMI parameter:

And update the stack:

Next -> Next ->

AMI of EC2 instance has been changed:

Public Parameters from SSM

Some AWS services publish information about common artifacts as AWS Systems Manager public parameters. For example, the Amazon Elastic Compute Cloud (Amazon EC2) service publishes information about Amazon Machine Images (AMIs) as public parameters.

Consider such a yaml template:

# this will pickup the latest value of the parameter every time the template is run
# the parameter value must be the Key for that Parameter. Then CFN will retrieve the value
# this does not support SecureString SSM Parameter types
Parameters:
  LatestLinuxAmiId:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    # obtain list with
    # aws ssm get-parameters-by-path --path /aws/service/ami-amazon-linux-latest  --query 'Parameters[].Name'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

  # this works for Windows too
  LatestWindowsAmiId:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    # obtain list with
    # aws ssm get-parameters-by-path --path "/aws/service/ami-windows-latest" --region us-east-1
    Default: '/aws/service/ami-windows-latest/Windows_Server-2016-English-Core-Base'

Resources:
  # this instance will be automatically updated 
  # when AWS releases a new AMI
  # and then run the CloudFormation template
  MyInstanceWithParameters:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref LatestLinuxAmiId
      InstanceType: t2.micro

# this will pickup the latest value of the parameter every time the template is run

# the parameter value must be the Key for that Parameter. Then CFN will retrieve the value

# this does not support SecureString SSM Parameter types

Parameters:

LatestLinuxAmiId:

Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'

# obtain list with

# aws ssm get-parameters-by-path --path /aws/service/ami-amazon-linux-latest --query 'Parameters[].Name'

Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

# this works for Windows too

LatestWindowsAmiId:

Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'

# obtain list with

# aws ssm get-parameters-by-path --path "/aws/service/ami-windows-latest" --region us-east-1

Default: '/aws/service/ami-windows-latest/Windows_Server-2016-English-Core-Base'

Resources:

# this instance will be automatically updated

# when AWS releases a new AMI

# and then run the CloudFormation template

MyInstanceWithParameters:

Type: AWS::EC2::Instance

Properties:

ImageId: !Ref LatestLinuxAmiId

InstanceType: t2.micro

To obtain the list of all available linux AMI by AWS:

C:\Users\mirth>aws ssm get-parameters-by-path --path /aws/service/ami-amazon-linux-latest --query "Parameters[].Name"
[
    "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3",
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2",
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs",
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2",
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs",
    "/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs",
    "/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs"
]

C:\Users\mirth>aws ssm get-parameters-by-path --path /aws/service/ami-amazon-linux-latest --query "Parameters[].Name"

[

"/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs",

"/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2",

"/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3",

"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3",

"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3",

"/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3",

"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2",

"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs",

"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2",

"/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs",

"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs",

"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs",

"/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs",

"/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs"

]

Or all available Windows AMI:

C:\Users\mirth>aws ssm get-parameters-by-path --path "/aws/service/ami-windows-latest" --region eu-central-1
{
    "Parameters": [
        {
            "Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Simplified-64Bit-Base",
            "Type": "String",
            "Value": "ami-0ba5ffc543cb0f4b9",
            "Version": 66,
            "LastModifiedDate": "2021-06-11T02:09:00.341000+02:00",
            "ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Simplified-64Bit-Base",
            "DataType": "text"
        },
        {
            "Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Traditional-64Bit-Base",
            "Type": "String",
            "Value": "ami-0b71756f3f2cb18d1",
            "Version": 66,
            "LastModifiedDate": "2021-06-11T02:09:18.679000+02:00",
            "ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Traditional-64Bit-Base",
            "DataType": "text"
        },
        {
            "Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Dutch-64Bit-Base",
            "Type": "String",
            "Value": "ami-0104d8db9b2ce0abf",
            "Version": 66,
            "LastModifiedDate": "2021-06-11T02:09:36.595000+02:00",
            "ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Dutch-64Bit-Base",
            "DataType": "text"
        },
        {
            "Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Hungarian-64Bit-Base",
            "Type": "String",
            "Value": "ami-000f505b6d84d1fe8",
            "Version": 65,
            "LastModifiedDate": "2021-06-11T02:11:59.592000+02:00",
            "ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Hungarian-64Bit-Base",
            "DataType": "text"
        },
        {
            "Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Japanese-64Bit-Base",
            "Type": "String",
            "Value": "ami-0ad37555d48e09d90",
            "Version": 66,
            "LastModifiedDate": "2021-06-11T02:12:19.789000+02:00",
            "ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Japanese-64Bit-Base",
            "DataType": "text"
        },
        {
-- More  --

C:\Users\mirth>aws ssm get-parameters-by-path --path "/aws/service/ami-windows-latest" --region eu-central-1

{

"Parameters": [

{

"Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Simplified-64Bit-Base",

"Type": "String",

"Value": "ami-0ba5ffc543cb0f4b9",

"Version": 66,

"LastModifiedDate": "2021-06-11T02:09:00.341000+02:00",

"ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Simplified-64Bit-Base",

"DataType": "text"

{

"Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Traditional-64Bit-Base",

"Type": "String",

"Value": "ami-0b71756f3f2cb18d1",

"Version": 66,

"LastModifiedDate": "2021-06-11T02:09:18.679000+02:00",

"ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Chinese_Traditional-64Bit-Base",

"DataType": "text"

{

"Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Dutch-64Bit-Base",

"Type": "String",

"Value": "ami-0104d8db9b2ce0abf",

"Version": 66,

"LastModifiedDate": "2021-06-11T02:09:36.595000+02:00",

"ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Dutch-64Bit-Base",

"DataType": "text"

{

"Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Hungarian-64Bit-Base",

"Type": "String",

"Value": "ami-000f505b6d84d1fe8",

"Version": 65,

"LastModifiedDate": "2021-06-11T02:11:59.592000+02:00",

"ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Hungarian-64Bit-Base",

"DataType": "text"

{

"Name": "/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Japanese-64Bit-Base",

"Type": "String",

"Value": "ami-0ad37555d48e09d90",

"Version": 66,

"LastModifiedDate": "2021-06-11T02:12:19.789000+02:00",

"ARN": "arn:aws:ssm:eu-central-1::parameter/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-Japanese-64Bit-Base",

"DataType": "text"

{

-- More --

Let’s go and run this template:

Next->

Next -> Next

Create stack ->

As we see the value of the parameters has been resolved:

Read more at: https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters.html