Featured resource
2025 Tech Upskilling Playbook
Tech Upskilling Playbook

Build future-ready tech teams and hit key business milestones with seven proven plays from industry leaders.

Check it out
  • Lab
    • Libraries: If you want this lab, consider one of these libraries.
    • Cloud
Google Cloud Platform icon
Labs

Creating and Using a Custom Document with Parameter Store Variables

Systems Manager documents are an integral part of the Systems Manager service. They are at the heart of all the automation possible through SSM via JSON or YAML runbooks, which define steps to perform on a managed instance. In this lab, we'll create a document that carries out some tasks on a managed instance and will also use an SSM parameter, which offers scalable, hierarchal storage for configurations and secrets, allowing encryption.

Google Cloud Platform icon
Lab platform
Lab Info
Level
Intermediate
Last updated
Sep 22, 2025
Duration
45m

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
Table of Contents
  1. Challenge

    Log in to the AWS Management Console and Navigate to Systems Manager
    1. Log in to the AWS Management Console using the credentials provided.
    2. Navigate to the Systems Manager console.
    3. On the left-hand menu, under Application Management, select Parameter Store.
  2. Challenge

    Create SSM Parameter to Use in SSM Document
    1. Click Create parameter.
    2. Provide the parameter the name "mysql-pass". Optionally, provide a description.
    3. Under Tier, select the Standard radio button.
    4. Under Types, select String.
    5. In the value input box below, enter a string value for your parameter.
    6. Leave the Tags field as its default.
    7. Click Create Parameter. This SSM parameter will be referenced in the SSM document provided later.

    Note: SSM documents do not allow using secure string passwords. You'll need an SSM API call to fetch any encrypted parameter, decrypt it, and then pass it as a parameter to an SSM document.

  3. Challenge

    Create SSM Command Document
    1. In the left-hand menu, under Shared Resources, click Documents.
    2. Click Create command or session.
    3. Give your document a name.
    4. Leave the Target type dropdown field blank, which sets its value to /(meaning to target all applicable resources).
      • You can also choose to select the particular resource you're going to run this document against. In our case, we'll run it against an EC2 instance; however, we'll leave the target at its default value.
    5. Set the Document type to Command document.
  4. Challenge

    Enter the Provided SSM Command Document Schema
    1. Under the Content section, choose the radio button for JSON and paste in the SSM Command document schema provided on the lab page.
    2. Leave the Document tags section as its default.
    3. Click Create document.
  5. Challenge

    Execute the SSM Document
    1. Select the Owned by me tab, and click the document you created.
    2. Click Run command to execute your document.
    3. Leave Document version as Default.
    4. For Targets, select Choose instances manually.
    5. Select the listed AmazonLinux-Instance EC2 SSM managed instance.
    6. Uncheck the Enable writing to an S3 bucket option.
    7. Leave everything else as default, and click Run.
    8. After clicking Run, you'll be taken to the Run Command page to track the progress/status of Run Command executing the document.
  6. Challenge

    Use SSM Session to Connect to the Managed Instance and Verify

    Navigate to the Session Manager page, click Start Session, select the AmazonLinux-Instance, and start a shell session with it to verify the document was successfully applied against the instance.

    The SSM document in question installs MariaDB database server, starts its service, sets a password, queries the database, and outputs a file with the database names in it to /root/db_output.txt.

    sudo cat /root/db_output.txt
    

    If verifying via SSM Session Manager:

    You'll be logged in to the shell session via Session Manager as sudo-enabled user ssm-user.


    If the file db_output.txt doesn't exist or is empty it means that something did not go right.
    In which case check /var/log/amazon/ssm/amazon-ssm-agent.log

    You can become root via sudo su - root or just append sudo before commands for verification.

About the author

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.

Get started with Pluralsight