since August 2018 AWS CloudFormation supports AWS Systems Manager Secure String Parameters in CloudFormation Templates.
I have been searching high and low but wasnt able to find a way to create a ssm-secure-string via Cloudformation like I can do it for simple SSM parameter via
Type: "AWS::SSM::Parameter"
Properties:
AllowedPattern: String
Description: String
Name: String
Type: String
Value: String
Can someone help me out? Or is there no way to generate the ssm-secure string right now via Cloudformtion?
Merci A
As per current docs, it's not supported to create SSM secure string via cloudformation.
Note
AWS CloudFormation doesn't support the SecureString parameter type.
What introduced in Aug 2018 is the support for SSM Secure String as Parameters in cloudformation. Link
For the time being, CustomResource is the only way, however having raw value in any kind of infra template for secure string is not recommended.
Updated (Nov 2019):
As per this, we can provide 3rd party resource provider for such use cases. CustomResource is good but kind of repetitive if you use in multiple stacks. So now I would prefer using this 3rd party resource providers for common use cases like secure SSM. It's farily simple to implement as well.