Using the Get Systems Manager Parameter action

Integrations

You can use the Get Systems Manager Parameter action with the following integrations:

Requirements

The Get Systems Manager Parameter action requires sufficient IAM permissions - an adequate IAM policy similar to the one provisioned by the Automation with AWS (Core) CloudFormation template might look as follows:

1 2 3 4 5 6 7 8 9 10 11 12 13 { "Version": "2012-10-17", "Statement": [ { "Action": [ "ssm:GetParameter" ], "Resource": "*", "Effect": "Allow", "Sid": "SystemsManagerGetParameter" } ] }

 Refer to Using Identity-Based Policies (IAM Policies) for AWS Systems Manager for details on how to create more granular/secure policies.

Configuration

To configure an Get Systems Manager Parameter action:

Complete the following settings:

 

Parameters

Specify the action parameters according to the following skeleton in JSON format – refer to ssm . get-parameter for details:

You can inject contextual variables into the remote action payload, refer to Entity Variables for details.

Parameter Store vs. Secrets Manager

Depending on your use case and security governance requirements, you can store secrets as Parameter Store parameters of type SecureString, or as actual Secrets Manager secrets as outlined in Referencing AWS Secrets Manager secrets from Parameter Store parameters. The following articles provide a comparison between the two services:

 

Configuration data and secrets

Get Systems Manager Parameter skeleton - Atlassian Workflow Data

1 2 3 4 {   "Name": "/net/utoolity/automation-with-aws/data/test-data",   "WithDecryption": false }

Get Systems Manager Parameter skeleton - Atlassian Workflow Secrets

1 2 3 4 {   "Name": "/net/utoolity/automation-with-aws/secrets/test-secret",   "WithDecryption": true }

 

Conditions

Get Systems Manager Parameter skeleton - Atlassian Workflow Data

1 2 3 4 {   "Name": "/net/utoolity/automation-with-aws/conditions/test-condition",   "WithDecryption": false }

Value format for Systems Manager Parameter based condition

1 2 3 4 {         'result': false,         'errorMessage': "Deployment blocked due to remote condition being false" }

Entity Variables

You can inject contextual workflow variables with workflow entities into the remote action payload template – currently available entities are:

Examples

How-to Articles

Frequently Asked Questions (FAQ)