2020/05/05 - Amazon Simple Systems Manager (SSM) - 6 updated api methods
Changes AWS Systems Manager Parameter Store launches new data type to support aliases in EC2 APIs
{'Parameters': {'DataType': 'string'}}
Get information about a parameter.
Note
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.
See also: AWS API Documentation
Request Syntax
client.describe_parameters(
Filters=[
{
'Key': 'Name'|'Type'|'KeyId',
'Values': [
'string',
]
},
],
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
list
This data type is deprecated. Instead, use ParameterFilters .
(dict) --
This data type is deprecated. Instead, use ParameterStringFilter.
Key (string) -- [REQUIRED]
The name of the filter.
Values (list) -- [REQUIRED]
The filter values.
(string) --
list
Filters to limit the request results.
(dict) --
One or more filters. Use a filter to return a more specific list of results.
Warning
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API actions. However, not all of the pattern values listed for Key can be used with both actions.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key are not valid: Name , Path , and Tier .
For examples of CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the AWS Systems Manager User Guide .
Key (string) -- [REQUIRED]
The name of the filter.
Option (string) --
For all filters used with DescribeParameters, valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath, valid options include Equals and BeginsWith . (Exception: For filters using the key Label , the only valid option is Equals .)
Values (list) --
The value you want to search for.
(string) --
integer
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
string
The token for the next set of items to return. (You received this token from a previous call.)
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
Parameters returned by the request.
(dict) --
Metadata includes information like the ARN of the last user and the date/time the parameter was last used.
Name (string) --
The parameter name.
Type (string) --
The type of parameter. Valid parameter types include the following: String , StringList , and SecureString .
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the AWS user who last changed the parameter.
Description (string) --
Description of the parameter actions.
AllowedPattern (string) --
A parameter name can include only the following letters and symbols.
Version (integer) --
The parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
A list of policies associated with a parameter.
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy has not been enforced or applied yet), Finished (the policy was applied), Failed (the policy was not applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token to use when requesting the next set of items.
{'Parameter': {'DataType': 'string'}}
Get information about a parameter by using the parameter name. Don't confuse this API action with the GetParameters API action.
See also: AWS API Documentation
Request Syntax
client.get_parameter(
Name='string',
WithDecryption=True|False
)
string
[REQUIRED]
The name of the parameter you want to query.
boolean
Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.
dict
Response Syntax
{
'Parameter': {
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
}
}
Response Structure
(dict) --
Parameter (dict) --
Information about a parameter.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other AWS services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
{'Parameters': {'DataType': 'string'}}
Query a list of all parameters used by the AWS account.
See also: AWS API Documentation
Request Syntax
client.get_parameter_history(
Name='string',
WithDecryption=True|False,
MaxResults=123,
NextToken='string'
)
string
[REQUIRED]
The name of a parameter you want to query.
boolean
Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.
integer
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
string
The token for the next set of items to return. (You received this token from a previous call.)
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'Value': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Labels': [
'string',
],
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters returned by the request.
(dict) --
Information about parameter usage.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter used.
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the AWS user who last changed the parameter.
Description (string) --
Information about the parameter.
Value (string) --
The parameter value.
AllowedPattern (string) --
Parameter names can include the following letters and symbols.
Version (integer) --
The parameter version.
Labels (list) --
Labels assigned to the parameter version.
(string) --
Tier (string) --
The parameter tier.
Policies (list) --
Information about the policies assigned to a parameter.
Assigning parameter policies in the AWS Systems Manager User Guide .
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy has not been enforced or applied yet), Finished (the policy was applied), Failed (the policy was not applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'Parameters': {'DataType': 'string'}}
Get details of a parameter. Don't confuse this API action with the GetParameter API action.
See also: AWS API Documentation
Request Syntax
client.get_parameters(
Names=[
'string',
],
WithDecryption=True|False
)
list
[REQUIRED]
Names of the parameters for which you want to query information.
(string) --
boolean
Return decrypted secure string value. Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
},
],
'InvalidParameters': [
'string',
]
}
Response Structure
(dict) --
Parameters (list) --
A list of details for a parameter.
(dict) --
An Systems Manager parameter in Parameter Store.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other AWS services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
InvalidParameters (list) --
A list of parameters that are not formatted correctly or do not run during an execution.
(string) --
{'Parameters': {'DataType': 'string'}}
Retrieve information about one or more parameters in a specific hierarchy.
Note
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.
See also: AWS API Documentation
Request Syntax
client.get_parameters_by_path(
Path='string',
Recursive=True|False,
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
WithDecryption=True|False,
MaxResults=123,
NextToken='string'
)
string
[REQUIRED]
The hierarchy for the parameter. Hierarchies start with a forward slash (/) and end with the parameter name. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy: /Finance/Prod/IAD/WinServ2016/license33
boolean
Retrieve all parameters within a hierarchy.
Warning
If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path /a , then the user can also access /a/b . Even if a user has explicitly been denied access in IAM for parameter /a/b , they can still call the GetParametersByPath API action recursively for /a and view /a/b .
list
Filters to limit the request results.
(dict) --
One or more filters. Use a filter to return a more specific list of results.
Warning
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API actions. However, not all of the pattern values listed for Key can be used with both actions.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key are not valid: Name , Path , and Tier .
For examples of CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the AWS Systems Manager User Guide .
Key (string) -- [REQUIRED]
The name of the filter.
Option (string) --
For all filters used with DescribeParameters, valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath, valid options include Equals and BeginsWith . (Exception: For filters using the key Label , the only valid option is Equals .)
Values (list) --
The value you want to search for.
(string) --
boolean
Retrieve all parameters in a hierarchy with their value decrypted.
integer
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
string
A token to start the list. Use this token to get the next set of results.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters found in the specified hierarchy.
(dict) --
An Systems Manager parameter in Parameter Store.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other AWS services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
{'DataType': 'string'}
Add a parameter to the system.
See also: AWS API Documentation
Request Syntax
client.put_parameter(
Name='string',
Description='string',
Value='string',
Type='String'|'StringList'|'SecureString',
KeyId='string',
Overwrite=True|False,
AllowedPattern='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
Tier='Standard'|'Advanced'|'Intelligent-Tiering',
Policies='string',
DataType='string'
)
string
[REQUIRED]
The fully qualified name of the parameter that you want to add to the system. The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example: /Dev/DBServer/MySQL/db-string13
Naming Constraints:
Parameter names are case sensitive.
A parameter name must be unique within an AWS Region
A parameter name can't be prefixed with "aws" or "ssm" (case-insensitive).
Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-/
A parameter name can't include spaces.
Parameter hierarchies are limited to a maximum depth of fifteen levels.
For additional information about valid values for parameter names, see About requirements and constraints for parameter names in the AWS Systems Manager User Guide .
Note
The maximum length constraint listed below includes capacity for additional system attributes that are not part of the name. The maximum length for a parameter name, including the full length of the parameter ARN, is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters:
arn:aws:ssm:us-east-2:111122223333:parameter/ExampleParameterName
string
Information about the parameter that you want to add to the system. Optional but recommended.
Warning
Do not enter personally identifiable information in this field.
string
[REQUIRED]
The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.
string
The type of parameter that you want to add to the system.
Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.
Note
SecureString is not currently supported for AWS CloudFormation templates or in the China Regions.
string
The KMS Key ID that you want to use to encrypt a parameter. Either the default AWS Key Management Service (AWS KMS) key automatically assigned to your AWS account or a custom key. Required for parameters that use the SecureString data type.
If you don't specify a key ID, the system uses the default key associated with your AWS account.
To use your default AWS KMS key, choose the SecureString data type, and do not specify the Key ID when you create the parameter. The system automatically populates Key ID with your default KMS key.
To use a custom KMS key, choose the SecureString data type with the Key ID parameter.
boolean
Overwrite an existing parameter. If not specified, will default to "false".
string
A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^d+$
list
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key name/value pairs:
Key=Resource,Value=S3bucket
Key=OS,Value=Windows
Key=ParameterType,Value=LicenseKey
Note
To add tags to an existing Systems Manager parameter, use the AddTagsToResource action.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines.
Key (string) -- [REQUIRED]
The name of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
string
The parameter tier to assign to a parameter.
Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an AWS account. Standard parameters are offered at no additional cost.
Advanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an AWS account. Advanced parameters incur a charge. For more information, see Standard and advanced parameter tiers in the AWS Systems Manager User Guide .
You can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.
If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter.
Using the Default Tier Configuration
In PutParameter requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you do not specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration.
The default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default:
Advanced : With this option, Parameter Store evaluates all requests as advanced parameters.
Intelligent-Tiering : With this option, Parameter Store evaluates each request to determine if the parameter is standard or advanced. If the request doesn't include any options that require an advanced parameter, the parameter is created in the standard-parameter tier. If one or more options requiring an advanced parameter are included in the request, Parameter Store create a parameter in the advanced-parameter tier. This approach helps control your parameter-related costs by always creating standard parameters unless an advanced parameter is necessary.
Options that require an advanced parameter include the following:
The content size of the parameter is more than 4 KB.
The parameter uses a parameter policy.
More than 10,000 parameters already exist in your AWS account in the current Region.
For more information about configuring the default tier option, see Specifying a default parameter tier in the AWS Systems Manager User Guide .
string
One or more policies to apply to a parameter. This action takes a JSON array. Parameter Store supports the following policy types:
Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter does not affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.
ExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.
NoChangeNotification: This policy triggers a CloudWatch event if a parameter has not been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it has not been changed.
All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Assigning parameter policies.
string
The data type for a String parameter. Supported data types include plain text and Amazon Machine Image IDs.
The following data type values are supported.
text
aws:ec2:image
When you create a String parameter and specify aws:ec2:image , Systems Manager validates the parameter value you provide against that data type. The required format is ami-12345abcdeEXAMPLE . For more information, see Native parameter support for Amazon Machine Image IDs in the AWS Systems Manager User Guide .
dict
Response Syntax
{
'Version': 123,
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering'
}
Response Structure
(dict) --
Version (integer) --
The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API actions or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.
Tier (string) --
The tier assigned to the parameter.