Create SSM Parameters in multiple regions from a file.

put_file_to_ssm_param.py

#!/usr/bin/env python

"""Create SSM Parameters in multiple regions.

Usage:
  put_file_to_ssm_param put [--log-level=LEVEL] [--overwrite] <parameter_name>
                        <filename>...
  put_file_to_ssm_param delete <parameter_name>
  put_file_to_ssm_param (-h | --help)

Options:
  -h --help              Show this message.
  --log-level=LEVEL      If specified, then the log level will be set to
                         the specified value.  Valid values are "debug", "info",
                         "warning", "error", and "critical". [default: info]
  -o --overwrite         Overwrite existing parameters.
"""

import logging
from os import path
import sys

import docopt
import boto3

REGIONS = ["us-east-1", "us-east-2", "us-west-1", "us-west-2"]


def calc_parameter_name(filename, parameter_name):
    """Calculate a the parameter_name to allow "folders"."""
    if parameter_name.endswith("/"):
        return path.join(parameter_name, path.basename(filename))
    else:
        return parameter_name


def put_file(session, filename, parameter_name, overwrite, regions):
    """Create a parameter from the contents of a file in multiple regions."""
    new_parameter_name = calc_parameter_name(filename, parameter_name)

    with open(filename, "r") as f:
        file_contents = f.read()

    for region in regions:
        logging.debug(f"Creating client for {region}")
        client = session.client("ssm", region_name=region)
        logging.info(f"Putting parameter '{new_parameter_name}' in region '{region}'")
        logging.debug(f"Overwrite = {overwrite}")
        try:
            client.put_parameter(
                Name=new_parameter_name,
                Value=file_contents,
                Type="SecureString",
                Overwrite=overwrite,
            )
        except client.exceptions.ParameterAlreadyExists:
            logging.warning(
                f"Parameter {new_parameter_name} already exists in {region}. "
                "Not overwriting."
            )


def delete_parameter(session, parameter_name, regions):
    """Delete a parameter from multiple regions."""
    for region in regions:
        logging.debug(f"Creating client for {region}")
        client = session.client("ssm", region_name=region)
        logging.info(f"Deleting parameter '{parameter_name}' in region '{region}'")
        try:
            client.delete_parameter(Name=parameter_name)
        except client.exceptions.ParameterNotFound:
            logging.warning(f"Parameter {parameter_name} does not exists in {region}.")


def main():
    """Set up logging and call the requrest commands."""
    args = docopt.docopt(__doc__, version="0.0.1")
    # Set up logging
    log_level = args["--log-level"]
    try:
        logging.basicConfig(
            format="%(asctime)-15s %(levelname)s %(message)s", level=log_level.upper()
        )
    except ValueError:
        logging.critical(
            f'"{log_level}" is not a valid logging level.  Possible values '
            "are debug, info, warning, and error."
        )
        return 1

    session = boto3.Session()

    if args["put"]:
        parameter_name = args["<parameter_name>"]
        filenames = args["<filename>"]
        overwrite = args["--overwrite"]
        if len(filenames) > 1 and not parameter_name.endswith("/"):
            print("Cannot put multiple files unless parameter_name ends in a '/'")
            sys.exit(-1)
        for filename in filenames:
            put_file(session, filename, parameter_name, overwrite, REGIONS)
    elif args["delete"]:
        parameter_name = args["<parameter_name>"]
        delete_parameter(session, parameter_name, REGIONS)

    # Stop logging and clean up
    logging.shutdown()
    return 0


if __name__ == "__main__":
    sys.exit(main())

Example run:

put_file_to_ssm_param.py put --overwrite /openvpn/server/ ca.crt server.crt server.key ta.key dh4096.pem 
2019-07-11 17:09:58,914 INFO Found credentials in shared credentials file: ~/.aws/credentials
2019-07-11 17:09:59,019 INFO Putting parameter '/openvpn/server/ca.crt' in region 'us-east-1'
2019-07-11 17:09:59,267 INFO Putting parameter '/openvpn/server/ca.crt' in region 'us-east-2'
2019-07-11 17:09:59,574 INFO Putting parameter '/openvpn/server/ca.crt' in region 'us-west-1'
2019-07-11 17:10:00,182 INFO Putting parameter '/openvpn/server/ca.crt' in region 'us-west-2'
2019-07-11 17:10:00,729 INFO Putting parameter '/openvpn/server/server.crt' in region 'us-east-1'
2019-07-11 17:10:00,937 INFO Putting parameter '/openvpn/server/server.crt' in region 'us-east-2'
2019-07-11 17:10:01,101 INFO Putting parameter '/openvpn/server/server.crt' in region 'us-west-1'
2019-07-11 17:10:01,542 INFO Putting parameter '/openvpn/server/server.crt' in region 'us-west-2'
2019-07-11 17:10:02,122 INFO Putting parameter '/openvpn/server/server.key' in region 'us-east-1'
2019-07-11 17:10:02,260 INFO Putting parameter '/openvpn/server/server.key' in region 'us-east-2'
2019-07-11 17:10:02,435 INFO Putting parameter '/openvpn/server/server.key' in region 'us-west-1'
2019-07-11 17:10:02,873 INFO Putting parameter '/openvpn/server/server.key' in region 'us-west-2'
2019-07-11 17:10:03,380 INFO Putting parameter '/openvpn/server/ta.key' in region 'us-east-1'
2019-07-11 17:10:03,510 INFO Putting parameter '/openvpn/server/ta.key' in region 'us-east-2'
2019-07-11 17:10:03,682 INFO Putting parameter '/openvpn/server/ta.key' in region 'us-west-1'
2019-07-11 17:10:04,054 INFO Putting parameter '/openvpn/server/ta.key' in region 'us-west-2'
2019-07-11 17:10:04,509 INFO Putting parameter '/openvpn/server/dh4096.pem' in region 'us-east-1'
2019-07-11 17:10:04,651 INFO Putting parameter '/openvpn/server/dh4096.pem' in region 'us-east-2'
2019-07-11 17:10:04,824 INFO Putting parameter '/openvpn/server/dh4096.pem' in region 'us-west-1'
2019-07-11 17:10:05,191 INFO Putting parameter '/openvpn/server/dh4096.pem' in region 'us-west-2'