(aws-ssm): Clarification on SSM Parameter Overwriting Needed

[shellscape]

There's a lot of opacity around how, when, and by what mechanism StringParameter constructs overwrite previous, existing, or modified parameter values. Through our own experiments, we know the following conditions exist:

• A parameter value is written when the param is first created
• If the value for a previously created param is manually updated (via aws console or aws cli), cdk does not update the value on subsequent deploys
• If the value for a previously created param is manually updated (via aws console or aws cli), but the value is changed in the cdk code for the param, cdk does update the value on subsequent deploys, overwriting it with the value in the cdk code.

I'm unable to find any documentation or explanation as to the mechanisms that determine when CDK updates a parameter value, and under what conditions. Source diving the ssm package didn't reveal any clues either. This is currently "black box" or "magic" and it goes without saying that's not great.

I'd love to see some information around this and the mechanisms involved (including if metadata is involved, and where that metadata lives), even if only as a reply to this issue. Official documentation would of course assist the entire userbase.

---

This is a 📕 documentation issue

[MrArnoldPalmer]

So the StringParameter is mostly just creating a SSM::Parameter cloudformation resource, so some of the idiosyncrasies you're describing may be found in the CFN documentation, though I don't see any during a cursory glance. Either way it would be good to investigate and understand all of the lifecycle for creation/update of ssm parameters from the CDK perspective and document those.

[github-actions[bot]]

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

[shellscape]

I'd like to keep this open given the previous reply indicates it's valuable.