2019/04/24 - Amazon Simple Systems Manager (SSM) - 3 updated api methods
Changes This release updates AWS Systems Manager APIs to allow customers to configure parameters to use either the standard-parameter tier (the default tier) or the advanced-parameter tier. It allows customers to create parameters with larger values and attach parameter policies to an Advanced Parameter.
{'Parameters': {'Policies': [{'PolicyStatus': 'string',
'PolicyText': 'string',
'PolicyType': 'string'}],
'Tier': 'Standard | Advanced'}}
Get information about a parameter.
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.
See also: AWS API Documentation
Request Syntax
client.describe_parameters(
Filters=[
{
'Key': 'Name'|'Type'|'KeyId',
'Values': [
'string',
]
},
],
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
list
One or more filters. Use a filter to return a more specific list of results.
(dict) --
This data type is deprecated. Instead, use ParameterStringFilter.
Key (string) -- [REQUIRED]
The name of the filter.
Values (list) -- [REQUIRED]
The filter values.
(string) --
list
Filters to limit the request results.
(dict) --
One or more filters. Use a filter to return a more specific list of results.
Note
The Name and Tier filter keys can't be used with the GetParametersByPath API action. Also, the Label filter key can't be used with the DescribeParameters API action.
Key (string) -- [REQUIRED]
The name of the filter.
Option (string) --
Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.
Values (list) --
The value you want to search for.
(string) --
integer
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
string
The token for the next set of items to return. (You received this token from a previous call.)
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Tier': 'Standard'|'Advanced',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
Parameters returned by the request.
(dict) --
Metada includes information like the ARN of the last user and the date/time the parameter was last used.
Name (string) --
The parameter name.
Type (string) --
The type of parameter. Valid parameter types include the following: String, String list, Secure string.
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the AWS user who last changed the parameter.
Description (string) --
Description of the parameter actions.
AllowedPattern (string) --
A parameter name can include only the following letters and symbols.
Version (integer) --
The parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
A list of policies associated with a parameter.
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy has not been enforced or applied yet), Finished (the policy was applied), Failed (the policy was not applied), or InProgress (the policy is being applied now).
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'Parameters': {'Policies': [{'PolicyStatus': 'string',
'PolicyText': 'string',
'PolicyType': 'string'}],
'Tier': 'Standard | Advanced'}}
Query a list of all parameters used by the AWS account.
See also: AWS API Documentation
Request Syntax
client.get_parameter_history(
Name='string',
WithDecryption=True|False,
MaxResults=123,
NextToken='string'
)
string
[REQUIRED]
The name of a parameter you want to query.
boolean
Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.
integer
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
string
The token for the next set of items to return. (You received this token from a previous call.)
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'Value': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Labels': [
'string',
],
'Tier': 'Standard'|'Advanced',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters returned by the request.
(dict) --
Information about parameter usage.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter used.
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the AWS user who last changed the parameter.
Description (string) --
Information about the parameter.
Value (string) --
The parameter value.
AllowedPattern (string) --
Parameter names can include the following letters and symbols.
Version (integer) --
The parameter version.
Labels (list) --
Labels assigned to the parameter version.
(string) --
Tier (string) --
The parameter tier.
Policies (list) --
Information about the policies assigned to a parameter.
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy has not been enforced or applied yet), Finished (the policy was applied), Failed (the policy was not applied), or InProgress (the policy is being applied now).
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'Policies': 'string', 'Tier': 'Standard | Advanced'}
Add a parameter to the system.
See also: AWS API Documentation
Request Syntax
client.put_parameter(
Name='string',
Description='string',
Value='string',
Type='String'|'StringList'|'SecureString',
KeyId='string',
Overwrite=True|False,
AllowedPattern='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
Tier='Standard'|'Advanced',
Policies='string'
)
string
[REQUIRED]
The fully qualified name of the parameter that you want to add to the system. The fully qualified name includes the complete hierarchy of the parameter path and name. For example: /Dev/DBServer/MySQL/db-string13
Naming Constraints:
Parameter names are case sensitive.
A parameter name must be unique within an AWS Region
A parameter name can't be prefixed with "aws" or "ssm" (case-insensitive).
Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-/
A parameter name can't include spaces.
Parameter hierarchies are limited to a maximum depth of fifteen levels.
For additional information about valid values for parameter names, see Requirements and Constraints for Parameter Names in the AWS Systems Manager User Guide .
Note
The maximum length constraint listed below includes capacity for additional system attributes that are not part of the name. The maximum length for the fully qualified parameter name is 1011 characters.
string
Information about the parameter that you want to add to the system. Optional but recommended.
Warning
Do not enter personally identifiable information in this field.
string
[REQUIRED]
The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.
string
[REQUIRED]
The type of parameter that you want to add to the system.
Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.
Note
SecureString is not currently supported for AWS CloudFormation templates or in the China Regions.
string
The KMS Key ID that you want to use to encrypt a parameter. Either the default AWS Key Management Service (AWS KMS) key automatically assigned to your AWS account or a custom key. Required for parameters that use the SecureString data type.
If you don't specify a key ID, the system uses the default key associated with your AWS account.
To use your default AWS KMS key, choose the SecureString data type, and do not specify the Key ID when you create the parameter. The system automatically populates Key ID with your default KMS key.
To use a custom KMS key, choose the SecureString data type with the Key ID parameter.
boolean
Overwrite an existing parameter. If not specified, will default to "false".
string
A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^d+$
list
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key name/value pairs:
Key=Resource,Value=S3bucket
Key=OS,Value=Windows
Key=ParameterType,Value=LicenseKey
Note
To add tags to an existing Systems Manager parameter, use the AddTagsToResource action.
(dict) --
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, Maintenance Windows, Parameter Store parameters, and patch baselines.
Key (string) -- [REQUIRED]
The name of the tag.
Value (string) -- [REQUIRED]
The value of the tag.
string
Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a value limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters per account and per Region. Standard parameters are offered at no additional cost.
Advanced parameters have a value limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters per account and per Region. Advanced parameters incur a charge.
If you don't specify a parameter tier when you create a new parameter, the parameter defaults to using the standard tier. You can change a standard parameter to an advanced parameter at any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.
If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter. For more information, see About Advanced Parameters in the AWS Systems Manager User Guide .
string
One or more policies to apply to a parameter. This action takes a JSON array. Parameter Store supports the following policy types:
Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter does not affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.
ExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.
NoChangeNotification: This policy triggers a CloudWatch event if a parameter has not been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it has not been changed.
All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Working with Parameter Policies.
dict
Response Syntax
{
'Version': 123
}
Response Structure
(dict) --
Version (integer) --
The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API actions or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.