CloudTruth Documentation
Copyright© 2023 CloudTruth

Parameter Store (SSM)


Last updated 2 years ago


This AWS integration allows you to configure CloudTruth External Parameters from your AWS Parameter Store.

Adding Integrations

If you already have a CloudTruth AWS integration, you can add AWS SSM by editing the existing account, selecting this integration and adding the SSM inline policy. The CloudFormation and Terraform role setup methods automatically create the SSM inline policy.

To create a new or additional AWS account, click Add AWS Account from the Integrations AWS page to bring up the add account pane. Add a name for the AWS account, your specific AWS account ID and the AWS account role name. CloudTruth allows you to select the regions where your resources exist; all US regions are enabled by default.

The SSM Parameter Store integration supports Push Actions. To enable Push Actions, select Write Access for the integration and apply the write access inline policy for SSM.

Check the SSM Parameter Store integration and click Save.

The AWS account will enter an Integration Error state until the AWS role is configured. An auto-generated External ID will be created to use in the AWS Role Creation.

Configuring the AWS Role

With the provided External ID, create your AWS Role.

SSM Parameter Store Inline Policy

Adding an Inline Policy to the AWS Role allows CloudTruth secure access to the selected integration service. The inline policy is automatically created if you used Terraform or CloudFormation to create the role.

From the AWS IAM Console, select the role that you created for CloudTruth access.

Click Add Inline Policy.

Click the JSON Tab.

Paste in the following JSON for the SSM Parameter Store integration policy and click Review Policy.

External Parameter Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ParameterAccess",
            "Action": [
                "ssm:DescribeParameters",
                "ssm:GetParameter",
                "ssm:GetParameters",
                "ssm:GetParametersByPath"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Write Access Parameter Policy for CloudTruth push actions

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ParameterAccess",
            "Action": [
                "ssm:AddTagsToResource",
                "ssm:DeleteParameter",
                "ssm:DescribeParameters",
                "ssm:GetParameter",
                "ssm:GetParameters",
                "ssm:ListTagsForResource",
                "ssm:PutParameter",
                "ssm:RemoveTagsFromResource",
                "tag:GetResources"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

Type in a name for the policy and click Create Policy.

Setup is now complete for both the AWS Role and Policy. After refreshing by clicking "Check Integration Status", the CloudTruth integration will show as "Connected", and you can begin creating External Parameter values that reference your AWS resources.
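
As an added example (not CloudTruth's code and not part of the original page), the Python sketch below audits an inline policy document against the two action lists on this page and rewrites it so that only the two enumeration actions stay on "*" while the rest are limited to a parameter ARN. The ARN, account ID and /cloudtruth/ path are constructed placeholders, and whether the integration works with a narrowed Resource is an assumption to confirm with "Check Integration Status".

```python
import json

# Action lists copied from the two policies on this page (exact-case match).
READ_POLICY = {"ssm:DescribeParameters", "ssm:GetParameter",
               "ssm:GetParameters", "ssm:GetParametersByPath"}
WRITE_POLICY = {"ssm:AddTagsToResource", "ssm:DeleteParameter",
                "ssm:DescribeParameters", "ssm:GetParameter", "ssm:GetParameters",
                "ssm:ListTagsForResource", "ssm:PutParameter",
                "ssm:RemoveTagsFromResource", "tag:GetResources"}
MUTATING = {"ssm:AddTagsToResource", "ssm:DeleteParameter",
            "ssm:PutParameter", "ssm:RemoveTagsFromResource"}
# Enumeration calls that IAM only evaluates against Resource "*".
UNSCOPABLE = {"ssm:DescribeParameters", "tag:GetResources"}

def _listify(value):
    # IAM accepts a single string or object where a list is expected.
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit(policy):
    """Summarise what an inline policy grants relative to this page's policies."""
    allowed, on_wildcard = set(), set()
    for stmt in _listify(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(_listify(stmt.get("Action", [])))
        allowed |= actions
        if "*" in _listify(stmt.get("Resource", [])):
            on_wildcard |= actions
    return {
        "mutating": sorted(allowed & MUTATING),                       # write access granted
        "undocumented": sorted(allowed - READ_POLICY - WRITE_POLICY),  # not on this page
        "scopable_on_wildcard": sorted(on_wildcard - UNSCOPABLE),      # could be narrowed
    }

def scope(actions, parameter_arn):
    """Split an action set: enumeration on "*", everything else on one ARN."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ParameterDiscovery", "Effect": "Allow",
         "Action": sorted(actions & UNSCOPABLE), "Resource": "*"},
        {"Sid": "ParameterAccess", "Effect": "Allow",
         "Action": sorted(actions - UNSCOPABLE), "Resource": parameter_arn},
    ]}

# Constructed placeholder: example account ID, region and parameter path.
SAMPLE_ARN = "arn:aws:ssm:us-east-1:123456789012:parameter/cloudtruth/*"

if __name__ == "__main__":
    page_write = {"Version": "2012-10-17", "Statement": [
        {"Sid": "ParameterAccess", "Effect": "Allow",
         "Action": sorted(WRITE_POLICY), "Resource": "*"}]}
    print(json.dumps(audit(page_write), indent=2))
    print(json.dumps(scope(WRITE_POLICY, SAMPLE_ARN), indent=2))
```

Run audit() on the policy document actually attached to the role to see whether it grants more than the read-only list before Write Access is intended.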