AWS Systems Manager makes it easy to store and retrieve parameters for use across servers, services, and applications in AWS. One great benefit is that secrets can be stored there and retrieved as needed. I recently needed to retrieve some parameters to place in a configuration file via Puppet and wrote a short script to retrieve these values as facts.
Create a script like the following in /etc/facter/facts.d and make it executable.
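    #!/bin/bash
    # External fact: each key=value line printed here becomes a fact.
    aws configure set region us-east-1

    # --query/--output text return the bare value, so no JSON scraping is needed.
    application_username=$(aws ssm get-parameter --name application_username \
        --query 'Parameter.Value' --output text)
    # The password is stored encrypted, so ask for the decrypted value.
    application_password=$(aws ssm get-parameter --name application_password \
        --with-decryption --query 'Parameter.Value' --output text)

    echo "application_username=${application_username}"
    echo "application_password=${application_password}"
    exit 0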
Note that this assumes the username is not an encrypted secret, while the password is.
This can be tested with the following:
    # facter -p application_username
    # facter -p application_password
These facts can then be used in templates, like the following:
    # config.cfg.erb
    connection_string = <%= @application_username %>:<%= @application_password %>
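If an `aws` call fails, the fact script above still prints the fact names with empty values and exits 0, and the template then renders empty credentials. The following variant is an added example, not the original author's script: it emits facts only when every lookup succeeds and rejects values containing a newline. The function names `fetch_param` and `collect_facts` are hypothetical.

```bash
#!/bin/bash
# Added example, not the original author's script. Parameter names are from
# the post; the function names are hypothetical.
export AWS_DEFAULT_REGION=us-east-1
NL='
'

# fetch_param NAME [extra aws options]: print the value, or fail without output.
fetch_param() {
  local name value
  name=$1
  shift
  # --query/--output text make the CLI print the bare value, not JSON.
  value=$(aws ssm get-parameter --name "$name" "$@" \
      --query 'Parameter.Value' --output text) || return 1
  # An empty value is treated as a failed lookup.
  [ -n "$value" ] || return 1
  # key=value facts are line-oriented: an embedded newline in a value would
  # be parsed as an additional fact, so refuse it.
  case $value in *"$NL"*) return 1 ;; esac
  printf '%s' "$value"
}

# Look up everything first and print only if every lookup succeeded, so a
# failed call never produces an empty or partial set of credential facts.
collect_facts() {
  local user pass
  user=$(fetch_param application_username) || return 1
  pass=$(fetch_param application_password --with-decryption) || return 1
  printf 'application_username=%s\napplication_password=%s\n' "$user" "$pass"
}

# Facter runs the script with no arguments. Without the AWS CLI nothing is
# emitted; on a failed lookup the reason goes to stderr, never to stdout.
if command -v aws >/dev/null 2>&1; then
  collect_facts || echo "ssm facts: lookup failed, no facts emitted" >&2
fi
```

With either version the decrypted password becomes an ordinary fact and is sent to the Puppet server with the node's other facts, so access to stored facts needs to be restricted accordingly.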