Using SSM Parameter Store
Updated: Jul 11
Some configurations can be considered private and high risk.
Data such as Database Passwords and other valuable information can be safely stored in the SSM Parameter Store service.
The service offers the possibility of storing the data that we consider to be “secret”, to later be consumed by our applications.
Some of its features are:
Serverless, scalable
Version tracking of the configurations and secrets
Encryption with KMS (optional)
Notifications with CloudWatch Events
Configuration management using IAM and path
There are 3 types of parameters: String, StringList, and SecureString
The parameters can be saved in the form of a hierarchy, for example:
/department/
frontend/
dev/
Url-app
Db-password
prod/
Db-passwordThe service has 2 tiers:
Standard(free) and Advanced(paid).
These are some of the characteristics of each tier:
Standard
Can store up to 10,000 secrets
The maximum size of a parameter value is 4KB (a really long value)
Storage pricing is free
Advanced
Can store up to 100,000 secrets
The maximum size of a parameter value is 8KB
$0.05 per parameter per month
Here is an example of how to create our parameters:
1. First, log in to the AWS console, and in the search bar, you can filter for example by the “parameter” word, then click on Systems Manager.
2. On the left side, click on “Parameter Store”.
3. Then click on “Create parameter”.
4. Here we create one parameter of the previous hierarchy.
and then create on “Create parameter” at the bottom of the page.
Our first parameter was created.
Now we are going to create the second parameter, but this will be a SecureString.
Also, we must select the KMS key source, in this case, we will be using the KMS key that Amazon provides to us (alias/aws/ssm).
Insert the value and then click on Create parameter again.
Now I have my two parameters with their values.
What do you think about this? leave us your comments. You may also be interested in reading Quick AWS Region change
