AWS CloudFormation now supports Secure String Parameter from AWS Systems Manager Parameter Store. A Secure String parameter is any sensitive data that needs to be stored and referenced in a secure manner. Now, you can use the Parameters section in your CloudFormation templates to dynamically reference Secure Strings into your templates each time you create or update your stack without exposing the values as clear text. CloudFormation retrieves the value of the specified Secure String Parameter from the Parameter Store when necessary and use it during stack operations.
To learn more about dynamic references and CloudFormation resources that support dynamic references for Secure String Parameter from AWS Systems Manager Parameter Store, please visit AWS CloudFormation documentation.
The CloudFormation support for Secure String as a parameter in templates is available in the following regions: US East (Ohio), US East (N. Virginia), US West (N. California), US West (Oregon), Canada (Central), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), South America (São Paulo), and AWS GovCloud (US).