Source code for stacker.lookups.handlers.ssmstore
from __future__ import print_function
from __future__ import division
from __future__ import absolute_import
from builtins import str
from stacker.session_cache import get_session
from . import LookupHandler
from ...util import read_value_from_path
TYPE_NAME = "ssmstore"
[docs]class SsmstoreLookup(LookupHandler):
[docs] @classmethod
def handle(cls, value, **kwargs):
"""Retrieve (and decrypt if applicable) a parameter from
AWS SSM Parameter Store.
ssmstore field types should be in the following format:
[<region>@]ssmkey
Note: The region is optional, and defaults to us-east-1 if not given.
For example:
# In stacker we would reference the encrypted value like:
conf_key: ${ssmstore us-east-1@ssmkey}
You can optionally store the value in a file, ie:
ssmstore_value.txt
us-east-1@ssmkey
and reference it within stacker (NOTE: the path should be relative
to the stacker config file):
conf_key: ${ssmstore file://ssmstore_value.txt}
# Both of the above would resolve to
conf_key: PASSWORD
"""
value = read_value_from_path(value)
region = "us-east-1"
if "@" in value:
region, value = value.split("@", 1)
client = get_session(region).client("ssm")
response = client.get_parameters(
Names=[
value,
],
WithDecryption=True
)
if 'Parameters' in response:
return str(response['Parameters'][0]['Value'])
raise ValueError('SSMKey "{}" does not exist in region {}'.format(
value, region))