Using SSM Parameter Store
top of page

Using SSM Parameter Store

Some configurations can be considered private and high risk.

Data such as Database Passwords and other valuable information can be safely stored in the SSM Parameter Store service.

The service offers the possibility of storing the data that we consider to be “secret”, to later be consumed by our applications.

Some of its features are:

  • Serverless, scalable

  • Version tracking of the configurations and secrets

  • Encryption with KMS (optional)

  • Notifications with CloudWatch Events

  • Configuration management using IAM and path

There are 3 types of parameters: String, StringList, and SecureString

The parameters can be saved in the form of a hierarchy, for example:

/department/
	frontend/
		dev/
			Url-app
		  	Db-password
		prod/
			Db-password

The service has 2 tiers:

Standard(free) and Advanced(paid).


These are some of the characteristics of each tier:

Standard

  • Can store up to 10,000 secrets

  • The maximum size of a parameter value is 4KB (a really long value)

  • Storage pricing is free

Advanced

  • Can store up to 100,000 secrets

  • The maximum size of a parameter value is 8KB

  • $0.05 per parameter per month


Here is an example of how to create our parameters:

1. First, log in to the AWS console, and in the search bar, you can filter for example by the “parameter” word, then click on Systems Manager.



2. On the left side, click on “Parameter Store”.




3. Then click on “Create parameter”.




4. Here we create one parameter of the previous hierarchy.



and then create on “Create parameter” at the bottom of the page.


Our first parameter was created.


Now we are going to create the second parameter, but this will be a SecureString.



Also, we must select the KMS key source, in this case, we will be using the KMS key that Amazon provides to us (alias/aws/ssm).

Insert the value and then click on Create parameter again.


Now I have my two parameters with their values.


What do you think about this? leave us your comments. You may also be interested in reading Quick AWS Region change








Rodrigo Gonzáez Falero

DevOps Engineer

Teracloud







If you want to know more about our services, tips, blogs, or a free assessment

email our team member ben@teracloud.io





Entradas recientes
Buscar por tags
Síguenos
  • Twitter Basic Square
bottom of page