Skip to content

Commit 1eb1ea6

Browse files
pahudpahud
authored
feat(ssm): support cross-account sharing (#30646)
AWS [introduced](https://aws.amazon.com/about-aws/whats-new/2024/02/aws-systems-manager-parameter-store-cross-account-sharing/) SSM Parameter Store cross-account sharing in Feb 2024. Under the hood, the sharing account has to create an AWS RAM ResourceShare for the principal of the consuming account and the consuming account has to accept the sharing invite. The only approach to access that sharing parameter is through CfnParameter. Dynamic Reference is NOT supported. This PR adds `StringParameter.fromStringParameterArn()` method so we can use the API like ```ts const remoteParameterArn = 'arn:aws:ssm:us-east-1:123456789012:parameter/dummyName'; const sharedParam = StringParameter.fromStringParameterArn(scope, id, remoteParameterArn); new cdk.CfnOutput(this, 'ParamValue', { value: sharedParam.stringValue }); ``` Note: 1. The only option to consume sharing parameters in CFN is template parameter. `StringParameter.fromStringParameterArn()` would synthesize CfnParameter like: ```yaml SharedParameter: Description: a shared golden AMI from centralised accounts Type: "AWS::SSM::Parameter::Value<String>" Default: "arn:aws:ssm:us-east-1:123456789012:parameter/sharedParameterName" ``` And the `Default` value has to be a static string. It can't be an unresolved token. 2. For full use case(sharing, accepting and consuming), check out `integ.parameter-store-string-sharing.ts` for more details. ### Issue # (if applicable) Closes #29292 ### Reason for this change ### Description of changes ### Description of how you validated changes Debugger ```json { "version": "0.2.0", "configurations": [ { "type": "node", "request": "launch", "name": "Jest", "program": "${workspaceFolder}/node_modules/jest/bin/jest.js", "cwd": "${workspaceFolder}/packages/aws-cdk-lib", "args": [ "--verbose", "-i", "--no-cache", "test/parameter.test.ts", ], "console": "integratedTerminal", "internalConsoleOptions": "neverOpen", "skipFiles": [ "<node_internals>/**" ], "outFiles": [ "${workspaceFolder}/**/*.(m|c|)js", "!**/node_modules/**" ], } ] } ``` ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent ffc40e5 commit 1eb1ea6

17 files changed

+32967
-1
lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-ssm/test/integ.parameter-store-string-sharing.js.snapshot/SSMParameterStoreSharingTestDefaultTestDeployAssert51CBB447.assets.json

+19
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-ssm/test/integ.parameter-store-string-sharing.js.snapshot/SSMParameterStoreSharingTestDefaultTestDeployAssert51CBB447.template.json

+36
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)