aws
Share an SSM parameter between multiple copilot applications
I have some parameters stored in SSM which I would like to share between multiple copilot applications. Currently the generated CloudFormation stack restricts the access to secrets using the copilot-application and copilot-environment tags. Is it possible to configure a secret to be accessible across multiple applications or environments? Otherwise I would end up repeating SSM parameters defining credentials for certain third-party services and creating a lot of parameter management synchronization in SSM.
Perhaps making the tag condition in the CloudFormation template to access SSM parameters optional would be worth considering. This issue also prevented me from dynamically spinning up new applications and environments in CI/CD pipelines in #2005
Has there been any updates to this?
My application has a prod and staging environment, both of them need to access the same SSM store. Being able to access the same secrets is crucial.
Quick Fix:
The quick solution is to create another secret with a different name,
e.g,
/secrets/prod, with copilot-environment: prod
/secrets/staging with copilot-environment: stage
but this quick fix is not ideal once my application scales to include more applications / environments requiring the same secrets. (which may also change and require more manual updates)
Better fix:
being able to tag shared resources with string delimited tags, e.g,
copilot-environment: prod:stage:feature
copilot-application: v1_application:v2_application
