AWS SSM Parameter Store
Detailed information on the AWS SSM Parameter Store - secret store component
Component format
To set up the AWS SSM Parameter Store secret store, create a component of type secretstores.aws.parameterstore. See this guide on how to create and apply a secretstore configuration. See this guide on referencing secrets to retrieve and use the secret with Dapr components.
See Authenticating to AWS for information about authentication-related attributes.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awsparameterstore
spec:
  type: secretstores.aws.parameterstore
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
  - name: accessKey
    value: "[aws_access_key]"
  - name: secretKey
    value: "[aws_secret_key]"
  - name: sessionToken
    value: "[aws_session_token]"
  - name: prefix
    value: "[secret_name]"
Warning
The above example uses secrets as plain strings. It is recommended to use a local secret store such as Kubernetes secret store or a local file to bootstrap secure key storage.
Spec metadata fields
Field | Required | Details | Example |
---|---|---|---|
region | Y | The specific AWS region the AWS SSM Parameter Store instance is deployed in | "us-east-1" |
accessKey | Y | The AWS Access Key to access this resource | "key" |
secretKey | Y | The AWS Secret Access Key to access this resource | "secretAccessKey" |
sessionToken | N | The AWS session token to use | "sessionToken" |
prefix | N | Allows you to specify more than one SSM parameter store secret store component. | "prefix" |
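The Warning above recommends bootstrapping the credentials from a local secret store instead of writing them as plain strings. The following is an added example, not part of the original Dapr page: the same component with the AWS credentials read from a Kubernetes Secret through Dapr's secretKeyRef, followed by the variant for a node or pod that already has an IAM policy attached, where the page's Important note says the keys must not be provided. The Secret name aws-ssm-credentials and its keys access-key and secret-key are assumed names and must already exist in the component's namespace.

```yaml
# Variant 1: credentials bootstrapped from the Kubernetes secret store.
# "aws-ssm-credentials", "access-key" and "secret-key" are assumed names
# for a pre-existing Kubernetes Secret; they are not defined by Dapr.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awsparameterstore
spec:
  type: secretstores.aws.parameterstore
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
  - name: accessKey
    secretKeyRef:              # resolved by the sidecar at load time,
      name: aws-ssm-credentials #   so no key material is stored in this manifest
      key: access-key
  - name: secretKey
    secretKeyRef:
      name: aws-ssm-credentials
      key: secret-key
auth:
  secretStore: kubernetes      # secret store used to resolve secretKeyRef entries
---
# Variant 2 (apply instead of variant 1, not alongside it): the node/pod
# already has an IAM policy attached, so accessKey, secretKey and
# sessionToken are left out of the component entirely.
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: awsparameterstore
spec:
  type: secretstores.aws.parameterstore
  version: v1
  metadata:
  - name: region
    value: "[aws_region]"
```

With variant 1, read access to the component manifest no longer exposes the AWS keys; access to them is governed by Kubernetes RBAC on the referenced Secret.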
Important
When running the Dapr sidecar (daprd) with your application on EKS (AWS Kubernetes), if you’re using a node/pod that has already been attached to an IAM policy defining access to AWS resources, you must not provide AWS access-key, secret-key, and tokens in the definition of the component spec you’re using.
Create an AWS SSM Parameter Store instance
Set up AWS SSM Parameter Store using the AWS documentation: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html.
Related links
- Secrets building block
- How-To: Retrieve a secret
- How-To: Reference secrets in Dapr components
- Secrets API reference
- Authenticating to AWS
Last modified May 31, 2024: Merge 61e65296a85dd35c3b7040b281b7c17caffcc144 into 27b6a61b0e1b0a30ea4e4f31bea712dfec3813b3 (525f2ab)