Extension Ssm Config

Extension Basics

Title	Ssm Config
Name	ckanext-ssm-config
Type	Public extension
Description	CKAN extension to interpolate config values from Amazon SSM Parameter Store
CKAN versions	~2.9, ~2.10, ~2.11 Show details These CKAN Versions are exactely matched: 2.10.0 2.10.1 2.10.2 2.10.3 2.10.4 2.10.5 2.10.6 2.10.7 2.10.8 2.10.9 2.11.0 2.11.1 2.11.2 2.11.3 2.11.4 2.12.0 2.9.0 2.9.0a 2.9.1 2.9.10 2.9.11 2.9.13 2.9.2 2.9.3 2.9.4 2.9.5 2.9.6 2.9.7 2.9.8 2.9.9
Download-Url (zip)	https://github.com/qld-gov-au/ckanext-ssm-config.git#egg=ckanext-ssm-config
Last commit	9 months ago (2025-04-22 06:04:52)
Url to repo	https://github.com/qld-gov-au/ckanext-ssm-config
Category	Regional Government Themes

Background Infos

Description (long)

Show details

ckanext-ssm-config - Amazon SSM Config CKAN Extension

About

This plugin enables CKAN config options to be retrieved at runtime from AWS Parameter Store.

This is particularly useful for automatically managed environments, so that dynamic or secret values such as the Beaker session key, XLoader job tokens, or Google reCAPTCHA private keys, can be stored securely outside the configuration management system.

Unfortunately the current CKAN architecture does not allow for database passwords to be handled by this plugin, as the password is read from the config before this plugin has the chance to inject it.

Queensland Government has developed this plugin to be used with data.qld.gov.au and publications.qld.gov.au.

Features

Config values with SSM Parameter Store placeholders, ${ssm:/path/to/value} or {{ssm:/path/to/value}}, will be replaced at runtime.
Values that cannot be retrieved from the Parameter Store will result in blanks, or a fallback value can be supplied, eg {{ssm:/path/to/value:default_value}}
All SSM parameters under a prefix can be automatically converted into config entries.

Requirements

boto3
Compatibility with core CKAN versions:

CKAN version	Compatibility
2.7	no longer supported
2.8	no longer supported
2.9	yes
2.10	yes
2.11	yes
master	yes*

*Testing occurs against ‘master’ in non-failing mode, do verify test summary. At of April 2025 it was passing, so we are confident it is 2.12 compatible.

Configuration

“` ckan.plugin

Version

0.1.1

Version release date

2025-04-22

Contact name

(not set)

Contakt email

(not set)

Contact Url

(not set)

Installation Guide

Configuration hints	`ckan.plugins = ssm_config` IAM permissions similar to the following are needed: “` { “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “ssm:GetParameter”, “ssm:GetParameters”, “ssm:GetParametersByPath” ], “Resource”: [ “arn:aws:ssm:::parameter/CKAN/config/”, “arn:aws:ssm:::parameter/CKAN/config/*”, ], “Effect”: “Allow”
Plugins to configure (ckan.ini)	ssm_config
CKAN Settings (ckan.ini)	`# ckanext.ssm_config.region_name = <region> # ckanext.ssm_config.prefix = /CKAN/config/ # ckanext.ssm_config.aws_access_key_id = abcde # ckanext.ssm_config.aws_secret_access_key = ABCDE`
DB migration to be executed	(not set)

<< back to Extensions