Takes a 4 tier yaml file (project/app/level/key) and imports it into AWS encrypted parameter store

update_paramater_store_creds.py

#!/usr/bin/env python

import os
import boto3
import yaml

import click

from ansible_vault import Vault


def update_aws_settings(filename=None, ansible_vault=False, password=None):
  # type: (str, bool, str) -> None
  client = boto3.client('ssm')
    if ansible_vault:
        vault = Vault()
        data = vault.load(open('secrets.yml').read())
    else:
        with open(filename) as fh:
            data = yaml.load(fh)
    for projectname, projectdata in data.items():
        for appname, appdata in projectdata.items():
            for level, params in appdata.items():
                for param, value in params.items():
                    print("Adding {}".format(param))
                    response = client.put_parameter(
                        Name="/{}/{}/{}/{}".format(projectname, appname, level, param),
                        Description="{} {} {} {}".format(projectname, appname, level, param),
                        Value=value,
                        Type='SecureString',
                        Overwrite=True,
                    )


@click.command()
@click.option('--filename', type=str, default="secrets.yml", help="YAML parameter file")
def main(filename):
    # type: (str) -> None
    update_aws_settings(filename, ansible_vault=True

if __name__ == '__main__':
    main()