Skip to content

Instantly share code, notes, and snippets.

@ruanbekker

ruanbekker/aws_ssm_get_parameter.md

Created January 31, 2018 14:41
Show Gist options
  • Star 8 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save ruanbekker/7268bbb565040c162b4be6d7d444a618 to your computer and use it in GitHub Desktop.
Save ruanbekker/7268bbb565040c162b4be6d7d444a618 to your computer and use it in GitHub Desktop.
Download ZIP
Getting Secrets from SSM using GetParameter Example with Python and Boto3
Raw
aws_ssm_get_parameter.md

Bash Environment Example with SSM to get Parameter Values using GetParameter:

IAM Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1517398919242",
            "Action": [
                "kms:Decrypt"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:kms:eu-west-1:accountid:key/123456-7890-12345-67890"
        },
        {
            "Sid": "Stmt1517399021096",
            "Action": [
                "ssm:GetParameter"
            ],
            "Effect": "Allow",
            "Resource": [
                "arn:aws:ssm:eu-west-1:accountid:parameter/test/ruan/mysql/db01/mysql_*"
            ]
        }
    ]
}

Setting Environment Variables:

$ export MYSQL_HOSTNAME="/test/ruan/mysql/db01/mysql_hostname"
$ export MYSQL_USERNAME="/test/ruan/mysql/db01/mysql_user"

Python Script:

import os
import boto3

session = boto3.Session(region_name='eu-west-1')
ssm = session.client('ssm')

MYSQL_HOSTNAME = os.environ.get('MYSQL_HOSTNAME')
MYSQL_USERNAME = os.environ.get('MYSQL_USERNAME')

hostname = ssm.get_parameter(Name=MYSQL_HOSTNAME, WithDecryption=True)
username = ssm.get_parameter(Name=MYSQL_USERNAME, WithDecryption=True)

print("Hostname: {}".format(hostname['Parameter']['Value']))
print("Username: {}".format(username['Parameter']['Value']))

Running The Script:

$ python app.py
Hostname: db01.eu-west-1.mycompany.com
Username: super_dba
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment