diff --git a/ec2.tf b/ec2.tf
index a618758..8926333 100644
--- a/ec2.tf
+++ b/ec2.tf
@@ -12,8 +12,6 @@ resource "aws_instance" "k3s_box" {
     count = var.create_ebs_block_device ? 1 : 0
   }
 
-  # user_data = "${file("./setup_scripts/script.sh")}"
-
   connection {
     type = "ssh"
     user = "ec2-user"
@@ -36,7 +34,7 @@ resource "aws_instance" "k3s_box" {
       "chmod +x /home/ec2-user/install_crontab.sh",
       "/home/ec2-user/install_crontab.sh",
       "chmod +x /home/ec2-user/duckdns.sh",
-      "/home/ec2-user/duckdns.sh ${var.duckdns_domain} ${var.duckdns_token}"
+      "/home/ec2-user/duckdns.sh ${var.duckdns_domain} ${data.aws_ssm_parameter.duckdns_token.token}"
      ]
   }
 
@@ -176,6 +174,11 @@ resource "local_file" "k3s_box_private_key" {
   file_permission = 0400
 }
 
+# get token for duckdns from ssm
+data "aws_ssm_parameter" "duckdns_token" {
+  name = "/k3s/config/duckdns-token"
+}
+
 output "k3s_box_global_ips" {
   value = ["${aws_instance.k3s_box.*.public_ip}"]
 }
\ No newline at end of file