Documentation

We are here to help you get from zero to one fast.

Get Started    Discussions

AWS Parameter Store

reading time 3 mins

This guide will show you how to set up automatic syncing of Doppler secrets to AWS Parameter Store.

Prerequisites

  • You have an AWS account with console access and are familiar with AWS Parameter Store.
  • Familiarity with AWS IAM is advantageous but not strictly required

Authorizing the AWS Parameter Store Integration

Navigate to the project you would like to integrate, click Integrations from the Projects menu, then select AWS Parameter Store to begin the authorization process.

The first step is entering the AWS Key ID and Secret Access Key required by Doppler to sync secrets to the Parameter Store.

You can choose to enter credentials for an existing IAM user, or you can click the link above the text fields to create a new IAM user with the required permissions.

If using an existing IAM user, you can skip this step, but if not, once on the AWS IAM page, click the Create user button at the bottom right of the screen, then leave the following page open as you'll need the credentials for the next step.

Paste in your AWS Key ID and Secret Access Key and click Connect to finish creating the connection to AWS.

Advanced: using a custom AWS IAM policy

If you'd prefer a custom IAM policy with only the permissions required by Doppler, you can use the following policy in JSON format to attach to a new or existing IAM user:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSSMAccess",
            "Effect": "Allow",
            "Action": [
                "ssm:PutParameter",
                "ssm:LabelParameterVersion",
                "ssm:DeleteParameter",
                "ssm:RemoveTagsFromResource",
                "ssm:GetParameterHistory",
                "ssm:AddTagsToResource",
                "ssm:GetParametersByPath",
                "ssm:GetParameters",
                "ssm:GetParameter",
                "ssm:DeleteParameters"
            ],
            "Resource": "*"
        }
    ]
}

Configuring the AWS Parameter Store Integration

Now chose the config to sync, the AWS region, and optionally, the Path that acts as a prefix for the name of each secret synced. For example, a Path value of /yodaspeak/production/ with a secret named API_KEY would result in a Parameter Store key of /yodaspeak/production/API_KEY.

Click Setup Integration and Doppler will instantly sync your secrets to AWS! To confirm the integration is working correctly, you can view the synced secrets in Parameter Store by clicking the DESTINATION link

πŸ‘

Amazing Work!

You've successfully set up the Doppler AWS Parameter Store integration! Every time you update your secrets in Doppler, we will automatically update them to AWS Parameter Store.

Updated about a month ago


AWS Parameter Store


reading time 3 mins

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.