aws-parameter-store
The aws-parameter-store provider enables you to dynamically import parameters from AWS Systems Manager - Parameter Store into your Environment. The provider will return a map of names to parameters.
Example
values:
aws:
login:
fn::open::aws-login:
oidc:
roleArn: arn:aws:iam::123456789:role/esc-oidc
sessionName: pulumi-environments-session
params:
fn::open::aws-parameter-store:
region: us-west-1
login: ${aws.login}
get:
myKey:
name: /myNamespace/myKey
myKeyByVersion:
name: /myNamespace/myKey:1
myKeyByVersionLabel:
name: /myNamespace/myKey:stable
secureKey:
name: /myNamespace/secureKey
decrypt: true
myList:
name: /myNamespace/myList
pulumiConfig:
myKey: ${aws.params.myKey}
secureKey: ${aws.params.secureKey}
Schema reference
Reference schemas last updated on 2026-07-11, synced automatically from the Pulumi Cloud ESC API.
Inputs
getmap[string]AWSParameterStoreGet requiredThe parameters to get.- ↳
decryptboolean optionalWhether to decrypt the parameter value. - ↳
namestring requiredThe name of the parameter to get. You can include a version number or label after a colon. loginAWSLogin requiredThe credentials to use to get parameters.- ↳
accessKeyIdstring requiredThe AWS access key ID. - ↳
secretAccessKeystring requiredThe AWS secret access key. - ↳
sessionTokenstring optionalThe AWS session token, if any. regionstring requiredThe region in which the parameters are stored.
Outputs
A map from names to parameter values.
Type: map[string]string
Configuring OIDC
To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see the OpenID Connect integration documentation. Once you have completed these steps, you can validate that your configuration is working by running either of the following:
pulumi env open <org>/<project>/<environment>command of the Pulumi CLIpulumi env open <org>/<project>/<environment>command of the Pulumi CLI
Make sure to replace <org>, <project>, and <environment> with the values of your Pulumi organization and environment identifier respectively. You should see output similar to the following:
{
"aws": {
"login": {
"accessKeyId": "ASIA....",
"secretAccessKey": "mWdm....",
"sessionToken": "Fwo...."
},
"params": {
"myKey": "latest value",
"myKeyByVersion": "old value",
"myKeyByVersionLabel": "stable value",
"secureKey": "secret value",
"myList": [
"value 1",
"value 2"
]
}
}
}