Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Google Cloud Platform icon

Creating and Using a Custom Document with Parameter Store Variables

Systems Manager documents are an integral part of the Systems Manager service. They are at the heart of all the automation possible through SSM via JSON or YAML runbooks, which define steps to perform on a managed instance. In this lab, we'll create a document that carries out some tasks on a managed instance and will also use an SSM parameter, which offers scalable, hierarchal storage for configurations and secrets, allowing encryption.

Google Cloud Platform icon

Path Info

Clock icon Intermediate
Clock icon 45m
Clock icon Feb 07, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Log in to the AWS Management Console and Navigate to Systems Manager

    1. Log in to the AWS Management Console using the credentials provided.
    2. Navigate to the Systems Manager console.
    3. On the left-hand menu, under Application Management, select Parameter Store.
  2. Challenge

    Create SSM Parameter to Use in SSM Document

    1. Click Create parameter.
    2. Provide the parameter the name "mysql-pass". Optionally, provide a description.
    3. Under Tier, select the Standard radio button.
    4. Under Types, select String.
    5. In the value input box below, enter a string value for your parameter.
    6. Leave the Tags field as its default.
    7. Click Create Parameter. This SSM parameter will be referenced in the SSM document provided later.

    Note: SSM documents do not allow using secure string passwords. You'll need an SSM API call to fetch any encrypted parameter, decrypt it, and then pass it as a parameter to an SSM document.

  3. Challenge

    Create SSM Command Document

    1. In the left-hand menu, under Shared Resources, click Documents.
    2. Click Create command or session.
    3. Give your document a name.
    4. Leave the Target type dropdown field blank, which sets its value to /(meaning to target all applicable resources).
      • You can also choose to select the particular resource you're going to run this document against. In our case, we'll run it against an EC2 instance; however, we'll leave the target at its default value.
    5. Set the Document type to Command document.
  4. Challenge

    Enter the Provided SSM Command Document Schema

    1. Under the Content section, choose the radio button for JSON and paste in the SSM Command document schema provided on the lab page.
    2. Leave the Document tags section as its default.
    3. Click Create document.
  5. Challenge

    Execute the SSM Document

    1. Select the Owned by me tab, and click the document you created.
    2. Click Run command to execute your document.
    3. Leave Document version as Default.
    4. For Targets, select Choose instances manually.
    5. Select the listed AmazonLinux-Instance EC2 SSM managed instance.
    6. Uncheck the Enable writing to an S3 bucket option.
    7. Leave everything else as default, and click Run.
    8. After clicking Run, you'll be taken to the Run Command page to track the progress/status of Run Command executing the document.
  6. Challenge

    Use SSM Session to Connect to the Managed Instance and Verify

    Navigate to the Session Manager page, click Start Session, select the AmazonLinux-Instance, and start a shell session with it to verify the document was successfully applied against the instance.

    The SSM document in question installs MariaDB database server, starts its service, sets a password, queries the database, and outputs a file with the database names in it to /root/db_output.txt.

    sudo cat /root/db_output.txt

    If verifying via SSM Session Manager:

    You'll be logged in to the shell session via Session Manager as sudo-enabled user ssm-user.

    If the file db_output.txt doesn't exist or is empty it means that something did not go right.
    In which case check /var/log/amazon/ssm/amazon-ssm-agent.log

    You can become root via sudo su - root or just append sudo before commands for verification.

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans