AWSTemplateFormatVersion: "2010-09-09" Description: AWS CloudFormation workshop - Pseudo parameters (uksb-1q9p31idr) (tag:pseudo-parameters). Parameters: DatabaseUsername: Description: Value to be used with the dbUsername SSM parameter. The default value is set to 'alice', which users can override when creating a CloudFormation stack. Type: String Default: alice AllowedPattern: ^[a-z0-9]{5,12}$ S3BucketNamePrefix: Description: The prefix to use for your S3 bucket Type: String Default: cfn-workshop AllowedPattern: ^(?!(^xn--|.$))^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$ ConstraintDescription: Bucket name prefix can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). Resources: BasicParameter: Type: AWS::SSM::Parameter Properties: Name: dbUsername Type: String Value: !Ref DatabaseUsername Description: SSM Parameter for database username. DemoRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Principal: Service: - lambda.amazonaws.com Action: - sts:AssumeRole Path: / Policies: - PolicyName: ssm-least-privilege PolicyDocument: Version: "2012-10-17" Statement: - Effect: Allow Action: ssm:GetParameter Resource: !Sub 'arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${BasicParameter}' DemoLambdaFunction: Type: AWS::Lambda::Function Properties: Handler: index.lambda_handler Role: !GetAtt DemoRole.Arn Runtime: python3.8 Code: ZipFile: | import boto3 client = boto3.client('ssm') def lambda_handler(event, context): response = client.get_parameter(Name='dbUsername') print(f'SSM dbUsername parameter value: {response["Parameter"]["Value"]}') DemoBucket: Type: AWS::S3::Bucket Properties: BucketName: !Sub '${S3BucketNamePrefix}-${AWS::Region}-${AWS::AccountId}'