View Source

Use the Get Systems Manager Parameter action to evaluate remote conditions so that you can control Jira Service Management automation rules via the Automate with AWS if condition, control Jira workflow transitions via the Automate with AWS workflow condition and Automate with AWS workflow validator, and fail or succeed Bamboo builds and deployments via the Automate with AWS task. You can also use this action to inject remote configuration data and secrets stored as secure parameters in the AWS Systems Manager Parameter Store, or stored as secrets within AWS Secrets Manager.

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, and license codes as parameter values. You can store values as plain text or encrypted data. You can then reference values by using the unique name that you specified when you created the parameter. [...] Parameter Store is offered at no additional charge.

On this page:

Related pages:

Integrations

You can use the Get Systems Manager Parameter action with the following integrations:

Requirements

The Get Systems Manager Parameter action requires sufficient IAM permissions - an adequate IAM policy similar to the one provisioned by the Automation with AWS (Core) CloudFormation template might look as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "ssm:GetParameter"
            ],
            "Resource": "*",
            "Effect": "Allow",
            "Sid": "SystemsManagerGetParameter"
        }
    ]
}

Refer to Using Identity-Based Policies (IAM Policies) for AWS Systems Manager for details on how to create more granular/secure policies.

Configuration

To configure an Get Systems Manager Parameter action:

Complete the following settings:

Parameters

Specify the action parameters according to the following skeleton in JSON format – refer to ssm . get-parameter for details:

You can inject contextual variables into the remote action payload, refer to Entity Variables for details.

Parameter Store vs. Secrets Manager

Depending on your use case and security governance requirements, you can store secrets as Parameter Store parameters of type SecureString, or as actual Secrets Manager secrets as outlined in Referencing AWS Secrets Manager secrets from Parameter Store parameters. The following articles provide a comparison between the two services:

Configuration data and secrets

Get Systems Manager Parameter skeleton - Atlassian Workflow Data

{
  "Name": "/net/utoolity/automation-with-aws/data/test-data",
  "WithDecryption": false
}

Get Systems Manager Parameter skeleton - Atlassian Workflow Secrets

{
  "Name": "/net/utoolity/automation-with-aws/secrets/test-secret",
  "WithDecryption": true
}

Conditions

Get Systems Manager Parameter skeleton - Atlassian Workflow Data

{
  "Name": "/net/utoolity/automation-with-aws/conditions/test-condition",
  "WithDecryption": false
}

Value format for Systems Manager Parameter based condition

{
  "result": false,
  "errorMessage": "Deployment blocked due to remote condition being false"
}

Entity Variables

You can inject contextual workflow variables with workflow entities into the remote action payload template – currently available entities are:

Integrations

Requirements

Configuration

Entity Variables

Examples

How-to Articles

Frequently Asked Questions (FAQ)