
SSM Secure reference is not supported in: AWS::EC2::Instance/Metadata


I am trying to use a SecureString in the metadata section of a CloudFormation template but it raises the following error:

SSM Secure reference is not supported in: [AWS::EC2::Instance/Metadata/AWS::CloudFormation::Init/config/files/~/.ssh/content]

This is my code:

Resources:
  LinuxEC2Instance:
    Type: AWS::EC2::Instance
    Metadata:
      AWS::CloudFormation::Init:
        config:
          files:
            ~/.ssh:
              content: !Sub |
                '{{resolve:ssm-secure:/credentials/ansible:1}}'
              mode: "000644"
              owner: "ansible"
              group: "ansible"

Why does this not work? I expected secure string references to work in CloudFormation templates.


Solution

  • Why does this not work?

    It does not work because ssm-secure is not supported for AWS::EC2::Instance. The list of supported resources is here and it includes:

    AWS::DirectoryService::MicrosoftAD
    AWS::DirectoryService::SimpleAD
    AWS::ElastiCache::ReplicationGroup
    AWS::IAM::User
    AWS::KinesisFirehose::DeliveryStream
    AWS::OpsWorks::App
    AWS::OpsWorks::Stack
    AWS::RDS::DBCluster
    AWS::RDS::DBInstance
    AWS::Redshift::Cluster
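
A pre-deployment check for the restriction described in this answer, as an added example that is not part of the original question or answer: it walks a JSON-format template and reports every `ssm-secure` dynamic reference on a resource type outside the list above. The function names and the sample template are constructed for illustration, and treating `Metadata` as never supported is an assumption based on the error shown in the question.

```python
import json
import re

# Resource types copied from the answer's list; AWS may have changed it since.
SUPPORTED_TYPES = {
    "AWS::DirectoryService::MicrosoftAD", "AWS::DirectoryService::SimpleAD",
    "AWS::ElastiCache::ReplicationGroup", "AWS::IAM::User",
    "AWS::KinesisFirehose::DeliveryStream", "AWS::OpsWorks::App",
    "AWS::OpsWorks::Stack", "AWS::RDS::DBCluster", "AWS::RDS::DBInstance",
    "AWS::Redshift::Cluster",
}
SSM_SECURE = re.compile(r"\{\{resolve:ssm-secure:[^}]+\}\}")

def find_secure_refs(node, path=()):
    """Yield (path, reference) for each ssm-secure reference found under node."""
    if isinstance(node, str):
        for match in SSM_SECURE.finditer(node):
            yield "/".join(path), match.group(0)
    elif isinstance(node, dict):
        for key, value in node.items():
            yield from find_secure_refs(value, path + (str(key),))
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_secure_refs(value, path + (str(index),))

def unsupported_secure_refs(template):
    """Return (logical id, type, path, reference) for references expected to fail."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        for section in ("Properties", "Metadata"):
            for path, ref in find_secure_refs(resource.get(section, {}), (section,)):
                # Assumption: Metadata is never a supported location for ssm-secure.
                if section == "Metadata" or rtype not in SUPPORTED_TYPES:
                    findings.append((name, rtype, path, ref))
    return findings

# Constructed sample: the question's instance plus a hypothetical RDS instance.
SAMPLE = json.loads("""{"Resources": {
  "LinuxEC2Instance": {"Type": "AWS::EC2::Instance", "Metadata": {
    "AWS::CloudFormation::Init": {"config": {"files": {"~/.ssh": {
      "content": "'{{resolve:ssm-secure:/credentials/ansible:1}}'"}}}}}},
  "ExampleDb": {"Type": "AWS::RDS::DBInstance", "Properties": {
    "MasterUserPassword": "{{resolve:ssm-secure:/constructed/db-password:1}}"}}}}""")

if __name__ == "__main__":
    for name, rtype, path, ref in unsupported_secure_refs(SAMPLE):
        print(f"{name} [{rtype}/{path}]: {ref}")
```

The check works at the resource-type level only, because that is the granularity of the list quoted above.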