Last active
May 27, 2022 21:52
-
-
Save badfun/28287ec0e739f77ea775cc9b2388f82e to your computer and use it in GitHub Desktop.
AWS custom resources in the AWS CDK allow us to achieve functionality that might not be available otherwise. In this case, I needed a secure string parameter to be converted to a string that I could pass directly to a bash script. Any of the other lookups resulted in an error, as it would pass either the token itself or the encrypted string.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import { AwsCustomResource, AwsCustomResourcePolicy, PhysicalResourceId } from '@aws-cdk/custom-resources' | |
| /** | |
| * Secure string from Parameter store | |
| */ | |
| const getParameter = new AwsCustomResource(this, 'SsmSecureStringParameter', { | |
| onUpdate: { | |
| service: 'SSM', | |
| action: 'getParameter', | |
| parameters: { | |
| Name: this.node.tryGetContext('secureStringParameter'), | |
| WithDecryption: true, | |
| }, | |
| physicalResourceId: PhysicalResourceId.of(Date.now().toString()), | |
| }, | |
| policy: AwsCustomResourcePolicy.fromSdkCalls({ | |
| resources: AwsCustomResourcePolicy.ANY_RESOURCE, | |
| }), | |
| }) | |
| const secureString = getParameter.getResponseField('Parameter.Value') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment