AWS Systems Manager (SSM) Parameters Store and Access using Lambda Function (Node/Javascript)

What is AWS SSM: AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings and license codes as parameter values. You can store values as plain text or encrypted data

Some use cases —

a. Store Key and Values Pairs
b. Store environment variables that are going to be used in different AWS services like — AWS Lambda, Amazon EC2
c. We can also Update/Access these variables from Lambda functions

We will do these 3 steps to create, read and update Parameters from Lambda function —

1. Create Parameter in SSM first
2. Create New IAM permission for accessing SSM parameters(Variable) from lambda
3. Create Lambda function: use SSM Javascript SDK to read/update SSM parameters

1. Create Parameter in SSM first

a. Go to services and search: System Manager

Click On Parameter store

b. Click Create Parameter

c. create a new variable: /my-app/staging/userName

use staging/production if you are using 2 environments

Create New Parameter

2. To access/update SSM parameter from lambda need to give Permission:

a. Create new IAM role : Go to Services =>IAM => Roles => Create Role

b. select AWS services: Choose Lambda

Click next

c. Select Permission: AmazonSSMFullAccess

Next => Next

d. Enter Role Name => Create Role: lambda_ssm_full_access

Create Role

The role will be created. We will use this permission in lambda function to access Aws SSM parameters

3. Now want to access and update these Parameters from lambda function?

a. Go to Services =>Lambda => Create Function => Enter Function Name

Click: Create a Lambda function name: ssmParameterLambda

b. Go to permissions => Basic settings => And select Existing IAM Role: lambda_ssm_full_access

c. Now lets write our function code to access Stored parameter:

Use SSM client : const ssm = new (require(‘aws-sdk/clients/ssm’))()

Javascript SDK Methods:

a.  await ssm.putParameter(params).promise();
b.  const data= await ssm.getParameters({
     Names: [`/my-app/staging/userName`]
    }).promise();

d. If the test is not created so click on =>configure test event =>

Now we have accessed/ Read Aws SSM parameters from Lambda Function

To update existing parameter from lambda: ssm.putParameter()

exports.handler = async (event) => {
    const ssm = new (require('aws-sdk/clients/ssm'))()
    var params = {
          Name: '/my-app/staging/userName',
          Value: 'Changed to Shivam Gupta',
          Overwrite: true,
          Type: 'String'
    };
        
    // Update existing userName
    await ssm.putParameter(params).promise();
    const data= await ssm.getParameters({
            Names: [`/my-app/staging/userName`]
    }).promise();
        
    const response = {
        statusCode: 200,
        body: data,
    };
   return response;
};

References:

What is AWS Systems Manager? — https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html
AWS SDK for JavaScript — https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/SSM.html#getParameters-property
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/RunLambdaSchedule.html

Thanks for reading this article. If this is Helpful Please give a clap. Also, Write in the Comment section.