Week 34, 2018 - CloudFormation Secure String Parameters; ECS Docker Volumes; Twitter Breakage

By (4 minutes read)

You can now use Secure String values from the Parameter Store in CloudFormation and ECS supports Docker volumes. And Twitter limits the abilities of third-party clients.

Secure String Parameters in CloudFormation

Late last year AWS introduced the possibility of using values from the Systems Manager Parameter Store as parameters when deploying your CloudFormation stacks. This was a very helpful change, and made some things a lot easier to manage. For example, using the Parameter Store as a single place to keep certain values makes it easier to update these values or use them across different sets or even for other purposes. Alternatively, you can use it to store different configurations for the same stack, such as a development and production configuration. In addition, you can retrieve the latest AMI IDs for Amazon managed AMIs through publicly available Parameter Store values.

The main missing feature at the time was being able to use secure strings. Secure strings in the Parameter Store are values that are encrypted using a KMS key, and would therefore be very handy for creating stacks that require passwords such as an RDS instance or an Active Directory setup. This has now finally been addressed and you can start using them in your templates.

It doesn’t quite work the same however. While it collects the information from the same place1, Secure String Parameters are only accessible through Dynamic References and cannot be provided as CloudFormation parameters. In addition, you can only use it for a small group of resources. Specifically the ones that require passwords, even though you might want to use it for other things. Of course, you shouldn’t use it for something like user data anyway as it will then be visible at a later stage in the process.

ECS Docker Volumes

AWS made it easier to manage your volumes in ECS, by introducing the ability to use Docker volumes and volume plugins. This means that you can now define volumes and their configuration in your task definition instead of having to make this happen at the instance level.

This is useful for several things, not in the least to make ECS behave a bit more like standard Docker setups that you might be running on your local machine. The idea behind Docker volumes is that they abstract the underlying directory structure away and only offer you what you want for your container. And the way this works in ECS now is that effectively it allows your task definition to run the docker volume create command. It will also not try to recreate a volume if it already exists. If this is useful to you, I’d suggest to read through the documentation on Docker volumes in ECS, and possibly the links from there to the official Docker documentation. Especially as there are some limitations to it, such as that Windows ECS doesn’t support any other volume plugins than local.

Twitter Breakage

Last week Twitter did what they’ve been saying for a while and removed the old API used by developers of third-party Twitter clients. This means that those clients no longer are able to provide streaming updates, won’t receive certain notifications, and have other limitations due to a very basic replacement API. Unless they pay more money per month than most of those clients will ever make by selling their app.

Twitter obviously says they have reasons for it, such as the API being old and unmaintained2, but in the end it means that my preferred Twitter clients are now more limited and I’m not very happy about that. I’ll still keep using them as I like my timeline ordered by time instead of “magic”3, but I think it’s very bad form from Twitter considering how much of the platform originated in third-party clients.


  1. The Parameter Store ↩︎

  2. A weird statement considering they build and maintain those APIs themselves. ↩︎

  3. If I wanted that, I’d use Facebook. ↩︎

comments powered by Disqus