You all do know that AWS SSM Parameter Store exists, right? It’s literally a KV store explicitly for this purpose. Parameters are scoped by path, versioned, and have optional encryption at rest.<p>Like you’re using the AWS CLI! It’s one call to <a href="https://docs.aws.amazon.com/cli/latest/reference/ssm/get-parameter.html" rel="nofollow">https://docs.aws.amazon.com/cli/latest/reference/ssm/get-par...</a> away.<p>It even has built-in Ansible support <a href="https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ssm_lookup.html" rel="nofollow">https://docs.ansible.com/ansible/latest/collections/amazon/a...</a> and values can be rendered in CloudFormation templates natively.<p>Too hard? Maybe try Chamber <a href="https://github.com/segmentio/chamber" rel="nofollow">https://github.com/segmentio/chamber</a>. It has support for multiple backends and can render secrets in lots of different formats.
Ha! This is a novel idea for KV storage. Even reasonably secure if it's the private hosted zone used in the post.<p>I wonder if you used the public zone option and did the nslookup as specified if you'd run into wrong or empty state while it propagates (assuming you need the value shortly after it's stored). Either way, using the awscli would pull it right away so it wouldn't matter.<p>Anyway, cool idea!
Very hacky -- in both a good sense and a bad sense.<p>Seems like there are tons of SaaS & cloud service offerings which could be overloaded to do this.
E.g., why not just use resource Tags in AWS? They are key/value pairs.
Or, why not put your key-values in a JSON file and store them as a GitHub workflow artifact?
etc.