As we continue our exploration of programming AWS from Haskell, we’ll hit on an important subject that is often neglected: that of configuration. Today we’ll talk about AWS’s SSM service. SSM, or Simple Systems Manager, is a big service and we’ll only talk about the parameter store part of it, but I hope this article will encourage you to explore more of this important service.
Why do I mention configuration? Well, most likely any application you’re likely to write will require some configuration, either to customize behaviour for individual users of your application, or as a way to persist user-specific data. I’m currently working on a side project to programmatically access my Fitbit data. The Fitbit web API uses OAuth2 authentication and to effectively use this protocol, your application needs to know various pieces of information that will vary from user to user and from session to session, such as:
I’ve describe the usual lifetime of these values in parentheses. Not only do these values vary as described here, they should also be treated differently in security terms. For example, the client secret as well as the access and refresh tokens should never be shared with another application. The one common theme to all of these values, however, is that they should not be stored as part of the application’s source code. Applications will typically use one or more of the following mechanisms for managing these values:
When moving our code to AWS, not all of these options are left available to us. Consider moving a program to run under AWS Lambda, for example. Lambda only supports one of these options: environment variables. This mechanism might suffice for some of the values we need to pass into our application but not all. The main issues with environment variables are:
So, to address these two important shortcomings, an application developer might decide to fall back on other strategies for handling things like access tokens, such as storing these values in a database. This might work out, but is a little heavyweight for managing a small number of values like this. This is where AWS Systems Manager’s parameter store comes in. This is a mechanism for storing strings, lists of strings or encrypted strings for use by AWS services. The values are protected by all the standard AWS IAM mechanisms and, furthermore, can be mutated by services as desired.
Today, I’ll show you a quick-and-dirty Haskell programs that demonstrates how to write and read parameters using the amazonka-ssm package.
Firstly, you’ll need access to SSM. There are two main options:
We have a pretty standard set of dependencies:
These are defined as part of the
We import a few functions from the
This is one of the simpler AWS programs in this series. This is a summary:
I’ve gathered this all together into this buildable project. As always, I like to build using Stack.
Content © 2023 Richard Cook. All rights reserved.