Using the Get Systems Manager Parameter action

Use the Get Systems Manager Parameter action to evaluate remote conditions so that you can control Jira Service Management automation rules via the Automate with AWS if condition, control Jira workflow transitions via the Automate with AWS workflow condition and Automate with AWS workflow validator, and fail or succeed Bamboo builds and deployments via the Automate with AWS task. You can also use this action to inject remote configuration data and secrets stored as secure parameters in the AWS Systems Manager Parameter Store, or stored as secrets within AWS Secrets Manager.

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, and license codes as parameter values. You can store values as plain text or encrypted data. You can then reference values by using the unique name that you specified when you created the parameter. [...] Parameter Store is offered at no additional charge.

On this page:

Related pages:

Integrations

You can use the Get Systems Manager Parameter action with the following integrations:

Requirements

The Get Systems Manager Parameter action requires sufficient IAM permissions - an adequate IAM policy similar to the one provisioned by the Automation with AWS (Core) CloudFormation template might look as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "SystemsManagerGetParameter"
        }
    ]
}

Refer to Using Identity-Based Policies (IAM Policies) for AWS Systems Manager for details on how to create more granular/secure policies.

Configuration

To configure an Get Systems Manager Parameter action:

Complete the following settings:

Parameters

Specify the action parameters according to the following skeleton in JSON format – refer to ssm . get-parameter for details:

You can inject contextual variables into the remote action payload, refer to Entity Variables for details.

Parameter Store vs. Secrets Manager

Depending on your use case and security governance requirements, you can store secrets as Parameter Store parameters of type SecureString, or as actual Secrets Manager secrets as outlined in Referencing AWS Secrets Manager secrets from Parameter Store parameters. The following articles provide a comparison between the two services:

Configuration data and secrets

Get Systems Manager Parameter skeleton - Atlassian Workflow Data

{
  "Name": "/net/utoolity/automation-with-aws/data/test-data",
  "WithDecryption": false
}

Get Systems Manager Parameter skeleton - Atlassian Workflow Secrets

{
  "Name": "/net/utoolity/automation-with-aws/secrets/test-secret",
  "WithDecryption": true
}

Conditions

Get Systems Manager Parameter skeleton - Atlassian Workflow Data

{
  "Name": "/net/utoolity/automation-with-aws/conditions/test-condition",
  "WithDecryption": false
}

Value format for Systems Manager Parameter based condition

{
        'result': false,
        'errorMessage': "Deployment blocked due to remote condition being false"
}

Entity Variables

You can inject contextual workflow variables with workflow entities into the remote action payload template – currently available entities are:

Examples

Filter by label

There are no items with the selected labels at this time.

How-to Articles

Filter by label

There are no items with the selected labels at this time.

Frequently Asked Questions (FAQ)

Atlassian account required

Due to a regression within Questions for Confluence Cloud, you need to log in with your Atlassian ID (or sign up for a new account) to access these automatically curated FAQs (refer to UAA-312 for the background).