DEV Community

Discussion on: AWS Lambda Layer for Private Certificates

Andrew May

If you're having issues with this, I would first try bypassing Parameter Store and verify that it works correctly if you use the ARN as a parameter (of type String).

If that works then I wonder whether there is a permissions problem - does the user/role trying to create the changeset have full access to Parameter Store, or are they limited to particular parameters? The ARNs for Parameter Store keys are a bit confusing because if you have a leading / in the Parameter Store key it shouldn't be part of the ARN (i.e. it's arn:aws:ssm:us-east-2:123456789012:parameter/Lambda/Layers/Certificate rather than arn:aws:ssm:us-east-2:123456789012:parameter//Lambda/Layers/Certificate).

If it's a permissions problem you might be able to find more information in CloudTrail about the specific permissions problem - and it might not be the parameter itself - if you're using a SecretString rather than String type it could be KMS permissions.
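
The leading-slash point in the comment above can be checked against a role's policy offline. The following is an added example, not part of the original comment: the function names and the two sample policies are constructed for illustration, the default action `ssm:GetParameters` is an assumption about which call the deployment makes, and the evaluation is deliberately simplified to Allow statements only.

```python
import re

def ssm_parameter_arn(name, region, account):
    """ARN for a Parameter Store key; the key's leading '/' is not repeated."""
    return f"arn:aws:ssm:{region}:{account}:parameter/{name.lstrip('/')}"

def iam_match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def as_list(value):
    return [value] if isinstance(value, (str, dict)) else list(value)

def check_parameter_access(policy, name, region, account,
                           action="ssm:GetParameters"):
    """Return (allowed, suspicious_resources) for one identity policy.
    Simplified: only Allow/Action/Resource are evaluated; Deny, Condition,
    NotAction and NotResource are ignored."""
    arn = ssm_parameter_arn(name, region, account)
    allowed, suspicious = False, []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(iam_match(a, action, True) for a in as_list(stmt.get("Action", []))):
            continue
        for res in as_list(stmt.get("Resource", [])):
            if ":parameter//" in res:      # the doubled-slash mistake
                suspicious.append(res)
            if iam_match(res, arn):
                allowed = True
    return allowed, suspicious

# Constructed sample policies (account ID and key taken from the comment).
BROKEN = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "ssm:GetParameter*",
    "Resource": "arn:aws:ssm:us-east-2:123456789012:parameter//Lambda/Layers/*"}]}
FIXED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["ssm:GetParameters"],
    "Resource": ["arn:aws:ssm:us-east-2:123456789012:parameter/Lambda/Layers/*"]}}

if __name__ == "__main__":
    for label, policy in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_parameter_access(
            policy, "/Lambda/Layers/Certificate", "us-east-2", "123456789012"))
```

A result of `(False, [...])` with a non-empty second element points at a policy resource written with the doubled slash rather than at a missing grant.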