I have Windows user account credentials passed in as parameters in a CloudFormation template. Using SSM/EC2Config I will need to execute commands on my instances associated with this template, but since only one specific user account on Windows has been granted access to resources I need, I need to specify these same credentials when I execute my PowerShell commands via SSM (as just running as Administrator will not have the proper access).
The commands will be run later, not at instance launch. Is there any way for me to grab these credentials from CloudFormation? Or any other way to achieve this or something similar?
As long as the parameters in question do not have the NoEcho property explicitly set to true (it defaults to false), then you can retrieve the parameter values using the describe-stacks call from any of the various tools (e.g. AWS API, CLI, or SDK of your choice). If NoEcho is set to true, you won't be able to retrieve those parameter values.
To run the command, you will need to either run it from an instance that's running with an IAM role / instance profile which has the correct permissions to call describe-stacks, or the tool has been configured with AWS security credentials (i.e. Access Key Id and Secret Access Key) that have permission.
AWS CLI examples:
aws cloudformation describe-stacks --region <region> --stack-name <stack-name>
By default, you'll notice the parameters are embedded in a JSON response, along with a bunch of other information about the stack. To be more useful in scripting, you could use a JMESPath query to narrow down the data returned to just the parameter's value:
aws cloudformation describe-stacks --region <region> --stack-name <stack-name> --query 'Stacks[*].Parameters[?ParameterKey == `<parameter-name>`].ParameterValue' --output text
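The following is an added example, not part of the original answer: it reads a parameter from saved describe-stacks JSON, refuses to hand back a masked NoEcho value, and lists secret-looking parameters that remain readable to anyone allowed to call describe-stacks. The sample response, the function names, the name pattern, and the treatment of an all-asterisk value as the NoEcho mask are assumptions made for illustration.

```python
import json
import re

# Constructed sample shaped like `aws cloudformation describe-stacks` output.
SAMPLE = json.loads("""
{"Stacks": [{"StackName": "example-stack", "Parameters": [
  {"ParameterKey": "ServiceUser", "ParameterValue": "svc-app"},
  {"ParameterKey": "ServicePassword", "ParameterValue": "Constructed-Pw-1"},
  {"ParameterKey": "DbPassword", "ParameterValue": "****"}
]}]}
""")

# Assumption: a NoEcho parameter comes back as a value made only of asterisks.
MASKED = re.compile(r"^\*+$")
# Hypothetical heuristic for parameter names that probably hold a secret.
SENSITIVE = re.compile(r"pass|secret|token|key", re.I)


class MaskedParameter(Exception):
    """The parameter exists but its value is hidden (NoEcho set to true)."""


def read_parameter(response, stack_name, key):
    """Return one parameter value; fail loudly instead of returning a mask."""
    for stack in response.get("Stacks", []):
        if stack.get("StackName") != stack_name:
            continue
        for p in stack.get("Parameters", []):
            if p["ParameterKey"] == key:
                value = p.get("ParameterValue", "")
                if MASKED.match(value):
                    raise MaskedParameter(key)
                return value
        raise KeyError(f"{key} not defined on {stack_name}")
    raise KeyError(f"stack {stack_name} not in response")


def readable_secrets(response):
    """List (stack, key) pairs with secret-looking names and unmasked values."""
    return [(s["StackName"], p["ParameterKey"])
            for s in response.get("Stacks", [])
            for p in s.get("Parameters", [])
            if SENSITIVE.search(p["ParameterKey"])
            and not MASKED.match(p.get("ParameterValue", ""))]


if __name__ == "__main__":
    print(read_parameter(SAMPLE, "example-stack", "ServiceUser"))
    print(readable_secrets(SAMPLE))
```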