bwits / ssm_parameter_store Goto Github PK

looks like, with calling client.put_parameter, if you passed KeyId='aws/ssm', you will get InvalidKeyId
so in the case without key_id option or key_id is set 'aws/ssm', KeyId can't be present when making put_parameter call.

Hey Bill,

Thanks so much for not only open sourcing your efforts here, but also for taking the time to submit them upstream to Ansible. Turned my few-day PoC for secrets in SSM Parameter Store into a few-hour project.

Would you have any interest in implementing a recursive GET for parameters occupying a given path, delivered as a dictionary? It's unclear to me from the API documentation whether GetParametersByPath will deliver a mix of String and SecureString values, or error if unencrypted values are encountered (in which case this would need to be a DescribeParameters -> GetParameter loop). I'd suspect the former.

The use case for me is wanting a full tree of envvars in /environ/project/env/ deployed with each Ansible run rather than needing to advance a Jinja2 template through environments where the key existing in Parameter Store is unreliable.

I'm happy to implement this if you don't see any pitfalls and would consider this project rather than Ansible, the proper place to send a PR. Thanks!

This "show" option is better than lookup, as lookup only works with the current region.

Hello,

I'm trying to use the example to create a parameter:

         - name: Create or update key/value pair in aws parameter store
           ssm_parameter_store:
             name: "Hello"
             description: "This is your first key"
             value: "World"

It results in this:

Traceback (most recent call last):
  File "/tmp/ansible_i50RV5/ansible_module_ssm_parameter_store.py", line 221, in <module>
    main()
  File "/tmp/ansible_i50RV5/ansible_module_ssm_parameter_store.py", line 210, in main
    except botocore.exceptions.NoCredentialsError as e:
NameError: global name 'botocore' is not defined

fatal: [localhost]: FAILED! => {
    "changed": false, 
    "failed": true, 
    "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_i50RV5/ansible_module_ssm_parameter_store.py\", line 221, in <module>\n    main()\n  File \"/tmp/ansible_i50RV5/ansible_module_ssm_parameter_store.py\", line 210, in main\n    except botocore.exceptions.NoCredentialsError as e:\nNameError: global name 'botocore' is not defined\n", 
    "module_stdout": "", 
    "msg": "MODULE FAILURE", 
    "rc": 0
}

Strange thing that lookups work!

         - name: Parameters can be provided after the key be more specific about what to retrieve
           debug: msg='key contains {{item}}'
           with_ssm:
             - '/UAT'
             - 'region=ap-southeast-2'