AWS SSM Parameter Store
Detailed information on the AWS SSM Parameter Store - secret store component
Component format
To setup AWS SSM Parameter Store secret store create a component of type secretstores.aws.parameterstore
. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
See Authenticating to AWS for information about authentication-related attributes.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: awsparameterstore
namespace: default
spec:
type: secretstores.aws.parameterstore
version: v1
metadata:
- name: region
value: "[aws_region]"
- name: accessKey
value: "[aws_access_key]"
- name: secretKey
value: "[aws_secret_key]"
- name: sessionToken
value: "[aws_session_token]"
Warning
The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.
Spec metadata fields
Field | Required | Details | Example |
---|---|---|---|
region | Y | The specific AWS region the AWS SSM Parameter Store instance is deployed in | “us-east-1” |
accessKey | Y | The AWS Access Key to access this resource | “key” |
secretKey | Y | The AWS Secret Access Key to access this resource | “secretAccessKey” |
sessionToken | N | The AWS session token to use | “sessionToken” |
Important
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you’re using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you must not provide AWS access-key, secret-key, and tokens in the definition of the component spec you’re using.
Create an AWS SSM Parameter Store instance
Setup AWS SSM Parameter Store using the AWS documentation: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html.
Related links
- Secrets building block
- How-To: Retrieve a secret
- How-To: Reference secrets in Dapr components
- Secrets API reference
- Authenticating to AWS
Last modified June 23, 2022: Merge pull request #2550 from ItalyPaleAle/cosmosdb-harcoded-dapr-version (cf03237)