feat(ssm): support cross-account sharing (#30646)
AWS [introduced](https://aws.amazon.com/about-aws/whats-new/2024/02/aws-systems-manager-parameter-store-cross-account-sharing/) SSM Parameter Store cross-account sharing in Feb 2024. Under the hood, the sharing account has to create an AWS RAM ResourceShare for the principal of the consuming account and the consuming account has to accept the sharing invite. The only approach to access that sharing parameter is through CfnParameter. Dynamic Reference is NOT supported.

This PR adds the `StringParameter.fromStringParameterArn()` method so we can use the API like:

```ts
const remoteParameterArn = 'arn:aws:ssm:us-east-1:123456789012:parameter/dummyName';

const sharedParam = StringParameter.fromStringParameterArn(scope, id, remoteParameterArn);

new cdk.CfnOutput(this, 'ParamValue', { value: sharedParam.stringValue });
```

Note:

1. The only option to consume sharing parameters in CFN is a template parameter. `StringParameter.fromStringParameterArn()` would synthesize a CfnParameter like:

```yaml
SharedParameter:
    Description: a shared golden AMI from centralised accounts
    Type: "AWS::SSM::Parameter::Value<String>"
    Default: "arn:aws:ssm:us-east-1:123456789012:parameter/sharedParameterName"
```
And the `Default` value has to be a static string. It can't be an unresolved token.

2. For the full use case (sharing, accepting and consuming), check out `integ.parameter-store-string-sharing.ts` for more details.


### Issue # (if applicable)

Closes #29292 

### Reason for this change



### Description of changes



### Description of how you validated changes

Debugger
```json
{
  "version": "0.2.0",
  "configurations": [
    {
      "type": "node",
      "request": "launch",
      "name": "Jest",
      "program": "${workspaceFolder}/node_modules/jest/bin/jest.js",
      "cwd": "${workspaceFolder}/packages/aws-cdk-lib",
      "args": [
        "--verbose",
        "-i",
        "--no-cache",
        "test/parameter.test.ts"
      ],
      "console": "integratedTerminal",
      "internalConsoleOptions": "neverOpen",
      "skipFiles": [
        "<node_internals>/**"
      ],
      "outFiles": [
        "${workspaceFolder}/**/*.(m|c|)js",
        "!**/node_modules/**"
      ]
    }
  ]
}
```

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
pahud authored Aug 19, 2024
1 parent ffc40e5 commit 1eb1ea6
Showing 17 changed files with 32,967 additions and 1 deletion.
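
The commit message notes that the `Default` ARN must be a static string and that it names a parameter owned by another account. An added example (not code from this commit or from aws-cdk-lib) of a pre-synthesis check on that ARN; the trusted-account list, the function names and the token regex, a stand-in for CDK's `Token.isUnresolved()`, are assumptions.

```typescript
// Parsed pieces of an SSM parameter ARN.
interface SharedParamRef { partition: string; region: string; account: string; name: string; }

// Constructed allowlist: accounts trusted to publish shared parameters (assumption).
const TRUSTED_OWNER_ACCOUNTS: string[] = ['123456789012'];

// String form CDK gives an unresolved token, e.g. "${Token[TOKEN.42]}".
// Stand-in for Token.isUnresolved() so this block has no CDK dependency.
const TOKEN_MARKER = /\$\{Token\[[^\]]*\]\}/;

// arn:<partition>:ssm:<region>:<12-digit account>:parameter/<name>
const SSM_PARAM_ARN = /^arn:(aws[a-z-]*):ssm:([a-z0-9-]+):(\d{12}):parameter\/(.+)$/;

function parseSharedParameterArn(
  arn: string,
  trusted: string[] = TRUSTED_OWNER_ACCOUNTS,
): SharedParamRef {
  // The template parameter's Default cannot hold a value resolved later.
  if (TOKEN_MARKER.test(arn)) {
    throw new Error('ARN must be a static string, not an unresolved token');
  }
  const m = SSM_PARAM_ARN.exec(arn);
  if (m === null) {
    throw new Error('not an SSM parameter ARN: ' + arn);
  }
  const ref: SharedParamRef = { partition: m[1], region: m[2], account: m[3], name: m[4] };
  // A shared value (for example a golden AMI id) is only as trustworthy as its owner.
  if (trusted.indexOf(ref.account) === -1) {
    throw new Error('owner account ' + ref.account + ' is not in the trusted list');
  }
  return ref;
}

// Builds the template parameter shape shown in the commit message.
function toTemplateParameter(arn: string, description: string) {
  parseSharedParameterArn(arn); // throws on token, malformed ARN or untrusted owner
  return { Description: description, Type: 'AWS::SSM::Parameter::Value<String>', Default: arn };
}
```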
