Menu
Sign In to the Console
Amazon Elastic Compute Cloud
User Guide for Linux Instances

Systems Manager Parameter Store Walkthroughs

Use the following walkthroughs to create, store, and execute parameters with Parameter Store in a test environment.

Contents

Grant Your User Account Access to SSM

Your user account must be configured to communicate with the SSM API. Use the following procedure to attach a managed IAM policy to your user account that grants you full access to SSM API actions.

To create the IAM policy for your user account

  1. Open the Identity and Access Management (IAM) console at https://console.aws.amazon.com/iam/.

  2. In the navigation pane, choose Policies. (If this is your first time using IAM, choose Get Started, and then choose Create Policy.)

  3. In the Filter field, type AmazonSSMFullAccess and press Enter.

  4. Select the check box next to AmazonSSMFullAccess and then choose Policy Actions, Attach.

  5. On the Attach Policy page, choose your user account and then choose Attach Policy.

Launch a New Instance

Use the following procedure to create a test instance with the required AWS Identity and Access Management (IAM) role. The role enables the instance to communicate with the Systems Manager (SSM) API. You must assign the IAM role when you create the new instance. You can't assign a role to an instance that is already running.

If you want to assign the role to one of your existing instances, you must create an image of the instance, launch an instance from that image, and assign the IAM role as you launch the instance. For more information, see Creating an Amazon EBS-Backed Linux AMI.

To create an instance that uses a Systems Manager-supported role

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Select a supported region.

  3. Choose Launch Instance and select a Linux Amazon Machine Image (AMI).

  4. Choose your instance type and then choose Next: Configure Instance Details.

  5. In Auto-assign Public IP, choose Enable.

  6. Beside IAM role choose Create new IAM role. The IAM console opens in a new tab.

    1. Choose Create New Role.

    2. In Step 1: Set Role Name, enter a name that identifies this role as a Systems Manager role.

    3. In Step 2: Select Role Type, choose Amazon EC2 Role for Simple Systems Manager. The system skips Step 3: Establish Trust because this is a managed policy.

    4. In Step 4: Attach Policy, choose AmazonEC2RoleforSSM.

    5. Choose Next Step, and then choose Create Role.

    6. Close the tab with the IAM console.

  7. In the Amazon EC2 console, choose the Refresh button beside Create New IAM role.

  8. From IAM role, choose the role you just created.

  9. Complete the wizard to launch the new instance. Make a note of the instance ID. You will need to specify this ID later in this walkthrough.

Systems Manager Parameter Store Console Walkthrough

The following procedure walks you through the process of creating a parameter in Parameter Store and then executing a Run Command command that uses this parameter.

To create a parameter using Parameter Store

  1. Open the Amazon EC2 console, expand Systems Manager Shared Resources in the navigation pane, and then choose Parameter Store.

  2. Choose Create Parameter.

  3. For Name, type helloWorld.

  4. In the Description field, type a description that identifies this parameter as a test parameter.

  5. For Type, choose String.

  6. In the Value field, enter a word.

  7. Choose Create Parameter and then choose OK after the system creates the parameter.

  8. In the EC2 console navigation pane, expand Commands and then choose Run Command.

  9. Choose Run a command.

  10. In the Command Document list, choose AWS-RunShellScript.

  11. Under Target instances, choose the instance you created earlier.

  12. In the Commands field, type echo {{ssm:helloWorld}} and then choose Run.

  13. In the command history list, choose the command you just ran, choose the Output tab, and then choose View Output.. They output is the name of the parameter you created earlier, for example, {{ssm:helloWorld}}.

Systems Manager Parameter Store CLI Walkthrough

The following procedure walks you through the process of creating and storing a parameter using the AWS CLI.

To create a parameter using Parameter Store

  1. Download the AWS CLI to your local machine.

  2. Execute the following command to create a parameter that uses the String data type.

    aws ssm put-parameter --name commands --type string –value "helloWorld"

  3. Execute the following command to view the parameter metadata.

    aws ssm describe-parameters --filters Key=Name,Values=helloWorld

  4. Execute the following command to change the parameter value.

    aws ssm put-parameter --name helloWorld --type String --value "good day sunshine"

  5. Execute the following command to view the latest parameter value.

    aws ssm get-parameters --name helloWorld

  6. Execute the following command to view the parameter value history.

    aws ssm get-parameter-history --name helloWorld

  7. Execute the following command to use this parameter in a Run Command command.

    aws ssm send-command --name AWS-RunPowerShellScript --parameters commands=[“echo {{ssm:helloWorld}}”] --targets Key=instanceids,Values=the ID of the instance you created earlier