Using SSM Parameter Store
Some configurations can be considered private and high risk.
Data such as Database Passwords and other valuable information can be safely stored in the SSM Parameter Store service.
The service offers the possibility of storing the data that we consider to be “secret”, to later be consumed by our applications.
Some of its features are:
Version tracking of the configurations and secrets
Encryption with KMS (optional)
Notifications with CloudWatch Events
Configuration management using IAM and path
There are 3 types of parameters: String, StringList, and SecureString
The parameters can be saved in the form of a hierarchy, for example:
/department/ frontend/ dev/ Url-app Db-password prod/ Db-password
The service has 2 tiers:
Standard(free) and Advanced(paid).
These are some of the characteristics of each tier:
Can store up to 10,000 secrets
The maximum size of a parameter value is 4KB (a really long value)
Storage pricing is free
Can store up to 100,000 secrets
The maximum size of a parameter value is 8KB
$0.05 per parameter per month
Here is an example of how to create our parameters:
1. First, log in to the AWS console, and in the search bar, you can filter for example by the “parameter” word, then click on Systems Manager.
2. On the left side, click on “Parameter Store”.