
Creating and Using a Custom Document with Parameter Store Variables
Systems Manager documents are an integral part of the Systems Manager service. They are at the heart of all the automation possible through SSM via JSON or YAML runbooks, which define steps to perform on a managed instance. In this lab, we'll create a document that carries out some tasks on a managed instance and will also use an SSM parameter, which offers scalable, hierarchical storage for configurations and secrets, allowing encryption.

Challenge
Log in to the AWS Management Console and Navigate to Systems Manager
- Log in to the AWS Management Console using the credentials provided.
- Navigate to the Systems Manager console.
- On the left-hand menu, under Application Management, select Parameter Store.
Challenge
Create SSM Parameter to Use in SSM Document
- Click Create parameter.
- Provide the parameter the name "mysql-pass". Optionally, provide a description.
- Under Tier, select the Standard radio button.
- Under Types, select String.
- In the value input box below, enter a string value for your parameter.
- Leave the Tags field as its default.
- Click Create Parameter. This SSM parameter will be referenced in the SSM document provided later.
Note: SSM documents do not allow using secure string passwords. You'll need an SSM API call to fetch any encrypted parameter, decrypt it, and then pass it as a parameter to an SSM document.
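The approach described in the note above, as an added example that is not part of the original lab: fetch a SecureString through the SSM API with decryption, then pass the value to the document as a runtime parameter. The parameter name "mysql-pass-secure", the document name "my-document", the document parameter "dbPassword", the instance ID, and the FakeSSM stub are all assumptions made for illustration.

```python
# Added example (not the lab's code). "mysql-pass-secure", "my-document" and
# "dbPassword" are hypothetical names; the lab itself uses a String parameter.

def fetch_secret(ssm, name):
    """Fetch and decrypt one SecureString parameter through the SSM API."""
    resp = ssm.get_parameter(Name=name, WithDecryption=True)
    param = resp["Parameter"]
    if param["Type"] != "SecureString":
        # Refuse plaintext types so a misnamed parameter is caught early.
        raise ValueError(f"{name} is {param['Type']}, expected SecureString")
    return param["Value"]


def run_with_secret(ssm, document, instance_id, secret_name, doc_param):
    """Decrypt the secret, then hand it to the document as a runtime parameter."""
    secret = fetch_secret(ssm, secret_name)
    resp = ssm.send_command(
        DocumentName=document,
        InstanceIds=[instance_id],
        # Run Command parameter values are lists of strings.
        Parameters={doc_param: [secret]},
    )
    return resp["Command"]["CommandId"]


class FakeSSM:
    """Constructed offline stand-in for boto3.client("ssm"); same call shapes."""
    def __init__(self, params):
        self.params, self.sent = params, []

    def get_parameter(self, Name, WithDecryption=False):
        ptype, value = self.params[Name]
        if ptype == "SecureString" and not WithDecryption:
            value = "AQICAH...ciphertext"  # constructed placeholder
        return {"Parameter": {"Name": Name, "Type": ptype, "Value": value}}

    def send_command(self, **kwargs):
        self.sent.append(kwargs)
        return {"Command": {"CommandId": "00000000-constructed-id"}}


if __name__ == "__main__":
    # Swap FakeSSM for boto3.client("ssm") to run against a real account.
    ssm = FakeSSM({"mysql-pass-secure": ("SecureString", "example-only")})
    print(run_with_secret(ssm, "my-document", "i-0123456789abcdef0",
                          "mysql-pass-secure", "dbPassword"))
```

The value sent in Parameters is stored with the command record that list_commands returns, so limit who can read Run Command history when a decrypted secret is passed this way.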
Challenge
Create SSM Command Document
- In the left-hand menu, under Shared Resources, click Documents.
- Click Create command or session.
- Give your document a name.
- Leave the Target type dropdown field blank, which sets its value to / (meaning to target all applicable resources).
- You can also choose to select the particular resource you're going to run this document against. In our case, we'll run it against an EC2 instance; however, we'll leave the target at its default value.
- Set the Document type to Command document.
Challenge
Enter the Provided SSM Command Document Schema
- Under the Content section, choose the radio button for JSON and paste in the SSM Command document schema provided on the lab page.
- Leave the Document tags section as its default.
- Click Create document.
Challenge
Execute the SSM Document
- Select the Owned by me tab, and click the document you created.
- Click Run command to execute your document.
- Leave Document version as Default.
- For Targets, select Choose instances manually.
- Select the listed AmazonLinux-Instance EC2 SSM managed instance.
- Uncheck the Enable writing to an S3 bucket option.
- Leave everything else as default, and click Run.
- After clicking Run, you'll be taken to the Run Command page to track the progress/status of Run Command executing the document.
Challenge
Use SSM Session to Connect to the Managed Instance and Verify
Navigate to the Session Manager page, click Start Session, select the AmazonLinux-Instance, and start a shell session with it to verify the document was successfully applied against the instance.
The SSM document in question installs the MariaDB database server, starts its service, sets a password, queries the database, and writes a file with the database names in it to /root/db_output.txt. To view it:
sudo cat /root/db_output.txt
If verifying via SSM Session Manager:
You'll be logged in to the shell session via Session Manager as the sudo-enabled user ssm-user.
If the file db_output.txt doesn't exist or is empty, something did not go right. In that case, check /var/log/amazon/ssm/amazon-ssm-agent.log.
You can become root via sudo su - root, or just prepend sudo to commands for verification.