Skip to content

Instantly share code, notes, and snippets.

@skwashd
Last active September 6, 2024 10:20
Show Gist options
  • Save skwashd/d3cc96047cd23a89754b8c1bdc0c27e7 to your computer and use it in GitHub Desktop.
Save skwashd/d3cc96047cd23a89754b8c1bdc0c27e7 to your computer and use it in GitHub Desktop.
Copy AWS SSM Parameter Store Path

This Python (3.6+) script is for migrating Amazon AWS System Manager (SSM) Parameter Store keys from one path to another.

Quick Start

To install the script do the following:

  • Configure your AWS credentials
  • Grab the code from this gist
  • Make it executable (chmod +x /path/to/copy-ssm-ps-path.py)
  • pip install boto3 (if you don't have it installed already)

Run it like so:

copy-ssm-ps-path.py source-tree-name target-tree-name new-kms-uuid

More information

For more information about this script checkout my blog post Migrating AWS System Manager Parameter Store Secrets to a new Namespace.

#!/usr/bin/env python3
#
# Copy SSM Parameter Store values to a new path.
#
# Designed to work with Python 3.6 and up. Only external dependency is boto3.
#
# Call: copy-ssm-ps-path.py source-tree-name target-tree-name new-kms-uuid
#
import os
import sys
import boto3
def main(args):
if len(args) != 4:
sys.stderr.write("Invalid args.\n")
sys.exit(1)
source_path = args[1]
target_path = args[2]
key_alias = args[3]
ssm = boto3.client("ssm")
paginator = ssm.get_paginator("get_parameters_by_path")
for page in paginator.paginate(Path=f"/{source_path}/", WithDecryption=True):
for parameter in page["Parameters"]:
raw_key = parameter["Name"]
key_name = os.path.basename(raw_key)
new_name = f"/{target_path}/{key_name}"
ssm.put_parameter(
Name=new_name,
Value=parameter["Value"],
Type="SecureString",
KeyId=key_alias,
)
sys.stderr.write(f"Copied {key_name} from {source_path} to {target_path}.\n")
if __name__ == "__main__":
main(sys.argv)
@Lusitaniae
Copy link

Lusitaniae commented Aug 24, 2020

Works great, example of usage in case the readme is not clear:

aws-mfa python3 duplicate-ssm.py app1/dev app1/preprod alias/aws/ssm

You should provide the namespaces without the first slash, you can refer to the KMS key by alias as above

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment