Create AWS Resources using CloudFormation from SSM Parameter Store

Introduction

CloudFormation is AWS's Infrastructure as Code (IaC) service. We write templates in YAML or JSON that serve as blueprints for building AWS resources. Resources are managed as a single unit called a stack, and all the resources in a stack are defined by the stack's CloudFormation template.

We usually set custom values for AWS resources, such as instance type, AMI ID, and region, through parameters defined in the CloudFormation template, but we can also read those values straight from the SSM Parameter Store.

In this article, we will walk through how to create EC2 instances through CloudFormation using custom values taken directly from the SSM Parameter Store.

Using CloudFormation Template to retrieve values from SSM Parameter Store

The SSM Parameter Store provides secure storage for configuration data and secrets. It can store data such as AMI IDs, database strings, and passwords as parameter values. You can store plain text or encrypted data.

Below is a CloudFormation template that creates an EC2 instance whose instance type and AMI ID come from values we will define in the SSM Parameter Store.

Parameters:
  InstanceType:
    Type: 'AWS::SSM::Parameter::Value<String>'
    Default: /EC2/InstanceType

  ImageId: 
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: /EC2/AMI_ID

Resources:
  InstanceWithParameters:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref ImageId
      InstanceType: !Ref InstanceType

Here the parameters are of type AWS::SSM::Parameter::Value<...>, so each Default is the name of a Parameter Store key, and the value itself comes straight from the SSM Parameter Store.

Next, we will create the Parameter Store entries that the Default values above refer to.

Creating Default Values in SSM Parameter Store

First, we will store the custom values in the SSM Parameter Store, and then we can use the above template to create the resource through the CloudFormation stack.

1. In the SSM Parameter Store, enter the name /EC2/InstanceType and select the type String. The value is our custom value; here we use t2.micro.

2. Now create another parameter with the name /EC2/AMI_ID and select the type String. The value is our custom value; here we use the AMI ID of Amazon Linux 2.

3. These custom values stored in the SSM Parameter Store will be used when creating an EC2 instance through the CloudFormation stack.

4. We can also store values such as database passwords, GitHub tokens, or other secrets as SecureString, which are encrypted with the default KMS key, but for now we are only storing two values as plain text strings. Note that the AWS::SSM::Parameter::Value<...> parameter types used in the template above do not support SecureString parameters.
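A pre-deployment check for the template and parameters described above, as an added example that is not part of the original article: it confirms that every SSM-backed template parameter names an existing Parameter Store key, that the key is not a SecureString, and that an AWS::EC2::Image::Id value looks like an AMI ID. The store snapshot, the AMI ID and the function name check_ssm_parameters are constructed for illustration.

```python
import re

# Constructed inputs: the template's Parameters section as a dict, and a
# snapshot of Parameter Store as name -> (type, value). The AMI ID is a
# placeholder, and one key name deliberately differs from the template.
TEMPLATE_PARAMS = {
    "InstanceType": {"Type": "AWS::SSM::Parameter::Value<String>",
                     "Default": "/EC2/InstanceType"},
    "ImageId": {"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
                "Default": "/EC2/AMI_ID"},
}
STORE = {
    "/EC2/InstanceTypes": ("String", "t2.micro"),  # trailing "s": no match
    "/EC2/AMI_ID": ("String", "ami-0123456789abcdef0"),
}

SSM_TYPE = re.compile(r"^AWS::SSM::Parameter::Value<(.+)>$")
AMI_ID = re.compile(r"^ami-([0-9a-f]{8}|[0-9a-f]{17})$")


def check_ssm_parameters(template_params, store):
    """Return a list of problems found in the SSM-backed parameters."""
    problems = []
    for logical_name, spec in template_params.items():
        match = SSM_TYPE.match(spec.get("Type", ""))
        if not match:
            continue  # ordinary parameter, not resolved from Parameter Store
        key = spec.get("Default")
        if key not in store:
            problems.append(f"{logical_name}: {key} not found in Parameter Store")
            continue
        store_type, value = store[key]
        if store_type == "SecureString":
            problems.append(f"{logical_name}: {key} is a SecureString, "
                            "which SSM parameter types cannot read")
        elif match.group(1) == "AWS::EC2::Image::Id" and not AMI_ID.match(value):
            problems.append(f"{logical_name}: {key} value is not an AMI ID")
    return problems


if __name__ == "__main__":
    for problem in check_ssm_parameters(TEMPLATE_PARAMS, STORE):
        print(problem)
```

In practice the snapshot would be read from Parameter Store before the stack is created or updated, so that a misnamed key or a wrong value type is caught before CloudFormation resolves it.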

Create CloudFormation Stack using SSM Parameter template

1. Go to http://console.aws.amazon.com/cloudformation. Create a stack, choose the option that the template is ready, and upload the SSM Parameter template file shown above.

2. As you can see in the stack details, the parameters have already been populated with the default values from the template file. Leave everything as default and create the stack.

3. When the stack completes, it launches an EC2 instance of type t2.micro from the Amazon Linux 2 AMI, which we defined in the Parameter Store earlier (ImageId & InstanceType).

4. With this method we can launch resources directly from values or passwords stored in the Parameter Store by referencing them in CloudFormation.

Updating values of Parameter Store & referencing that value through CloudFormation

Over time, companies may want to automate or change their infrastructure, which can involve any resource in AWS.

Here we will change the AMI ID in the Parameter Store from Linux to Windows and then update the stack, so that it creates a new instance from the Windows AMI.

1. Update the parameter in the Parameter Store with the Windows AMI ID.

2. As you can see, the parameter now has two versions; the stack will use the latest version from the Parameter Store when we update it.

3. Update the stack with the same template and leave everything as default. At the end, you will see a change set that creates a new instance from the Windows AMI.

4. When the stack update completes, a new EC2 instance launches from the Windows AMI and the old EC2 instance from the Linux AMI is terminated.

In the same way, we can update any value to a newer version in the Parameter Store, and updating the CloudFormation stack will then create new resources from it.

Conclusion

By storing custom values in the SSM Parameter Store and referencing them in a CloudFormation template, we can launch any resource with values that CloudFormation retrieves straight from the SSM Parameter Store.

About the Author ✍🏻

Varshil Desai is a DevOps Engineer at QloudX with 4 AWS certifications & 1 Azure certification.

His main work is in DevOps technology where he builds automated & quick solutions for clients.

With only 1 year of industry experience, Varshil has already made his mark with amazing solutions in the cloud using DevOps automation tools. At the same time, he also likes to explore AI/ML technology.
