Configuration
Configuring hiera-aws-parameter-store is simple. It uses the default AWS connection and the following parameters:
prefix: prefix used to find parameters in AWS Parameter Store. Mandatory.
max_results: maximum number of results per AWS Parameter Store request. The default value is 50 (the maximum as of 2017-01-21).
Here is a sample hiera.yaml:
---
:backends:
  - aws_parameter_store
:aws_parameter_store:
  :prefix: puppet.
  :max_results: 50
:logger: console
AWS credentials
You need AWS credentials to access AWS Parameter Store.
The following policy shows you the required permissions:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeParameters"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameters"
      ],
      "Resource": "arn:aws:ssm:{region}:{account}:parameter/{prefix}*"
    }
  ]
}
where:
region: AWS region in which parameters are stored.
account: your AWS account.
prefix: prefix of the parameters you want to access from Hiera. For example, if you organize your parameters so that their names start with puppet., use puppet. as the prefix; a parameter could then be named puppet.myapp.version.
Conversions between AWS Parameter Store and Hiera types
AWS Parameter Store has the following types:
String: if the parameter name does not contain dots (.), the resulting Hiera object is a String with the parameter's value. If it contains dots, the name is split and converted into a hash of objects, with the last element as a string.
String List: converted into an array.
Secure String: not supported yet.
Examples:
myappname=MyAppName (String) -> hiera(myappname) = "MyAppName" (String)
myapp.name=MyAppName (String)
myapp.version=1.3 (String) -> hiera_hash(myapp) = {"name"=>"MyAppName","version"=>"1.3"} (Hash)
mylist=e1,e2,e3 (String List) -> hiera(mylist) = ["e1","e2","e3"]
myapp.name=MyAppName (String)
myapp.list=1,2,3 (String List) -> hiera_hash(myapp) = {"name"=>"MyAppName","list"=>["1",
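The conversion rules above, as an added Ruby example that is not the backend's own code. The names `PREFIX`, `SAMPLE`, `convert_value` and `to_hiera` are hypothetical, the sample parameters are constructed, and stripping the prefix before building keys is an assumption.

```ruby
# Added example, not the backend's own code.
# Assumption: the configured prefix is stripped before Hiera keys are built.
PREFIX = 'puppet.'.freeze

# Constructed sample, shaped like the Name/Type/Value fields of ssm:GetParameters.
SAMPLE = [
  { 'Name' => 'puppet.myappname',     'Type' => 'String',       'Value' => 'MyAppName' },
  { 'Name' => 'puppet.myapp.name',    'Type' => 'String',       'Value' => 'MyAppName' },
  { 'Name' => 'puppet.myapp.version', 'Type' => 'String',       'Value' => '1.3' },
  { 'Name' => 'puppet.myapp.list',    'Type' => 'StringList',   'Value' => '1,2,3' },
  { 'Name' => 'puppet.mylist',        'Type' => 'StringList',   'Value' => 'e1,e2,e3' },
  { 'Name' => 'puppet.db.password',   'Type' => 'SecureString', 'Value' => 'constructed-ciphertext' },
  { 'Name' => 'other.key',            'Type' => 'String',       'Value' => 'x' }
].freeze

# Convert a value according to its Parameter Store type.
def convert_value(type, value)
  case type
  when 'String'     then value
  when 'StringList' then value.split(',')
  else raise ArgumentError, "unsupported type: #{type}"
  end
end

# Returns [data, skipped]: the nested Hiera data and the names left out.
def to_hiera(params, prefix = PREFIX)
  data = {}
  skipped = []
  params.each do |param|
    name = param['Name']
    # Skip names outside the prefix and Secure String values (not handled).
    if !name.start_with?(prefix) || param['Type'] == 'SecureString'
      skipped << name
      next
    end
    *path, leaf = name[prefix.length..-1].split('.')
    # Walk or create one hash level per dotted segment of the name.
    node = path.reduce(data) do |hash, key|
      hash[key] = {} unless hash[key].is_a?(Hash)
      hash[key]
    end
    node[leaf] = convert_value(param['Type'], param['Value'])
  end
  [data, skipped]
end
```

Returning the skipped names lets a caller log which parameters were ignored, so a Secure String that silently yields no Hiera value is easier to spot.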