Allow the key of stack output parameters to be read as an SSM parameter, the in the same way that value can be

[julian-price]

Is your feature request related to a problem? Please describe.
When deploying a StackSet to multiple regions, I had a need to create a different SSM parameter for each region, using the region name in the key. The CfCT is currently set up to allow CFN outputs to be stored as SSM parameter values, but the key is fixed/hardcoded.

Describe the feature you'd like
I managed to resolve the issue by patching the code to allowing the key of stack output parameters to be read as SSM parameters the in the same way that values can be.

This is a very minor change, but it is powerful in that it enables CfCT adminstrators to craft their own SSM parameter names just using CloudFormation outputs. It would be great if this enhancement could be included in a future release so everyone can benefit from it.

1. Clone the CfCT repo and modify the _save_ssm_parameters function in source/src/cfct/state_machine_handler.py
2. Add the following code to parse the key like an ssm parameter if it is contained within $[ ... ] (the same as values are):

        if key.startswith("$[") and key.endswith("]"):
            key = key[2:-1]
            # Iterate through all the keys in the event
            # (includes the nested keys)
            for k, v in self.nested_dictionary_iteration(self.event):
                if key.lower() == k.lower():
                    ssm_key = v
                    break
                else:
                    ssm_key = key
        else:
            ssm_key = key

3. Now, modify lines 1268 and 1269 the _save_ssm_parameters function to use the ssm-replacement key:

            self.logger.info("Adding value for SSM Parameter Store" " Key: {}".format(ssm_key))
            self.ssm.put_parameter(ssm_key, ssm_value)

4. Package and deploy the CfCT according to the instructions in https://github.com/aws-solutions/aws-control-tower-customizations?tab=readme-ov-file#building-the-customized-solution

Once this is done, you can construct CFN outputs for both the key and value in your CloudFormation YAML, for example:

Outputs:
  oMyNewResourceArn:
    Value: !GetAtt myResource.Arn
  oMyNewResourceArnParamName:
    Value: !Sub /my/resource/${AWS::Region}/my-resource-arn

Back in the manifest.yaml, store the parameters into the management account SSM:

  - name: my-new-resource
    description: Example showing how to use dynamic export outputs for key and value pairs
    resource_file: templates/my-resource.yaml
    export_outputs: 
      - name: $[output_oMyNewResourceArnParamName]
        value: $[output_oMyNewResourceArn]

Finally, for other stacks that need to use the SSM parameters, you can read the SSM parameters stored in the management account using the alfred helper and and then pass them down to the accounts that other stacks are being provisioned in.

Additional context
I originally raised this as a comment in another issue, but I thought it was deserving of its own feature request.

Code in the above example is correct as of CfCT release v2.8.1

[deb-mohan]

I was about to raise a request too. Not only for regions but also other values like accounts. Example:

  - name: ec2-sessionsmanager-role
    description: IAM Sessions Manager Role for EC2 Instances
    resource_file: templates/common/sessionsmanager-role.yaml
    deploy_method: stack_set
    deployment_targets:
      accounts:
        - dev
        - test
        - stage
        - prod
    export_outputs:
      - name: /${AWS::Region}/${account}/sessionsmanager/role/arn
        value: $[output_RoleArn]
      - name: /${AWS::Region}/${account}/sessionsmanager/role/name
        value: $[output_RoleName]```