IAM Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1517398919242",
"Action": [
"kms:Decrypt"
],
"Effect": "Allow",
"Resource": "arn:aws:kms:eu-west-1:accountid:key/123456-7890-12345-67890"
},
{
"Sid": "Stmt1517399021096",
"Action": [
"ssm:GetParameter"
],
"Effect": "Allow",
"Resource": [
"arn:aws:ssm:eu-west-1:accountid:parameter/test/ruan/mysql/db01/mysql_*"
]
}
]
}
Setting Environment Variables:
$ export MYSQL_HOSTNAME="/test/ruan/mysql/db01/mysql_hostname"
$ export MYSQL_USERNAME="/test/ruan/mysql/db01/mysql_user"
Python Script:
import os
import boto3
session = boto3.Session(region_name='eu-west-1')
ssm = session.client('ssm')
MYSQL_HOSTNAME = os.environ.get('MYSQL_HOSTNAME')
MYSQL_USERNAME = os.environ.get('MYSQL_USERNAME')
hostname = ssm.get_parameter(Name=MYSQL_HOSTNAME, WithDecryption=True)
username = ssm.get_parameter(Name=MYSQL_USERNAME, WithDecryption=True)
print("Hostname: {}".format(hostname['Parameter']['Value']))
print("Username: {}".format(username['Parameter']['Value']))
Running The Script:
$ python app.py
Hostname: db01.eu-west-1.mycompany.com
Username: super_dba