The use of Infrastructure as Code (IaC) has been gaining popularity as a best-practice for automating infrastructure deployment and configuration. It brings numerous benefits such as increased development velocity, less errors and less deployment pain. One of the widely used IaC tools is AWS Cloud Development Kit (CDK), which allows developers to create resources in AWS using their preferred coding language (e.g. TypeScript, Python, Golang etc.). With CDK, developers can leverage language-specific features (for-loops, if-statements, functions, classes) and create and customize most AWS resources easily.<p>However, sometimes custom resources are needed, which are not directly supported by CDK. And in some cases, extra logic is required whenever a resource gets created. So was my case with AWS Systems Manager Parameter Store (SSM) SecureString parameters. These parameters ensure that sensitive data like passwords, API keys, and other credentials are encrypted using AWS KMS. While CDK supports SSM parameters, it does not allow for the creation of SSM SecureString parameters.<p>This is where AWS Lambda-baked custom resources come in. They allow developers to define the lifecycle management of resources and implement required logic when resources are created, changed, or deleted. In my latest blog post I've leveraged CDK, TypeScript, and Golang to create a custom resource for SSM SecureString parameters. This custom resource used an internally created lambda to take care of everything.