English / 日本語

Ghost String Parameter for CDK

Provides access control over parameters in Parameter Store on AWS Systems Manager.

This library is supposed to be combined with the AWS Cloud Development Kit (CDK) version 2.

Installation

npm install https://github.com/codemonger-io/cdk-ghost-string-parameter.git#v0.1.1

Example

The only class this library provides is GhostStringParameter. Here is an example to use it:

import { GhostStringParameter } from 'cdk-ghost-string-parameter';
import { aws_iam as iam } from 'aws-cdk-lib';
import { Construct } from 'constructs';

class SampleConstruct extends Construct {
    readonly parameter: GhostStringParameter;

    constructor(scope: Construct, id: string) {
        super(scope, id);

        this.parameter = new GhostStringParameter(this, {
            parameterName: '/parameters/SAMPLE_PARAMETER'
        });
    }

    grantReadParameter(grantee: iam.IGrantable): iam.Grant {
        return this.parameter.grantRead(grantee);
    }
}

API Documentation

You can find the API documentation in api-docs/markdown.

Motivation

The CDK provides aws-cdk-lib.aws_ssm.StringParameter (StringParameter) that represents a parameter in Parameter Store on AWS Systems Manager. With StringParameter, you can control access to the parameter via the API like grantRead. However, to use StringParameter, you have to

• provision the parameter in the CDK stack
• or bind it to an existing parameter

Unfortunately, you cannot use StringParameter if you want to create the parameter in the futer after the CDK stack is deployed. If you want to control access to a parameter that does not exist at deployment without provisioning it, this library could help you.

Development

Resolving dependencies

npm ci

Building

npm run build

Generating the API documentation

npm run build:doc