https://pulumi.com logo
#general
Title
# general
a

acceptable-chef-92575

08/07/2023, 7:17 PM
Does Pulumi support dynamically referencing a secret stored in AWS SSM or AWS Secrets? We have a number of other tools that are able to perform SSM path lookups and extract/use the values from those SSM Secure type entries. We also (but rarely) use AWS Secrets to store valuable credentials. These usually involve a plugin or helper function that authenticates to AWS and the passed SSM/Secrets path to retrieve the secret value. I am currently doing a PoC of Pulumi as a IAC replacement for CloudFormation, but I am not finding a way to natively: • Look up an SSM reference • Use SSM as a value dynamically without having to use config set manually. Right now, our POC is just an S3 backend, and I am trying to configure some resources with the Datadog provider that require an API key. Ideally I can use our thousands of secrets stored in SSM/Secrets without having to declare them all for Pulumi. Is there way to do something like this where I can fetch the token from an existing SSM or AWS Secrets path dynamically? Something like below would be great if it exists.
Copy code
pd = datadog.pagerduty.Integration("pd",
    api_token=datadog.ssm.Parameter.get("pd-api-token").value,
    schedules=[
        "<https://ddog.pagerduty.com/schedules/12345>",
        "<https://ddog.pagerduty.com/schedules/12345>",
    ],
    subdomain="ddog")
b

billowy-army-68599

08/07/2023, 7:28 PM
@acceptable-chef-92575 you can look up parameters a variety of ways: https://www.pulumi.com/registry/packages/aws/api-docs/ssm/getparameter/
a

acceptable-chef-92575

08/07/2023, 7:29 PM
Ahhh, ok, i was looking in the wrong place or skimming too fast (plus my Google Fu was failing me). Thanks a ton!