Using SSM Parameter Store

Some configurations can be considered private and high risk.

Data such as Database Passwords and other valuable information can be safely stored in the SSM Parameter Store service.

The service offers the possibility of storing the data that we consider to be “secret”, to later be consumed by our applications.

Some of its features are:

  • Serverless, scalable

  • Version tracking of the configurations and secrets

  • Encryption with KMS (optional)

  • Notifications with CloudWatch Events

  • Configuration management using IAM and path

There are 3 types of parameters: String, StringList, and SecureString

The parameters can be saved in the form of a hierarchy, for example:

/department/
	frontend/
		dev/
			Url-app
		  	Db-password
		prod/
			Db-password

The service has 2 tiers:

Standard(free) and Advanced(paid).


These are some of the characteristics of each tier:

Standard

  • Can store up to 10,000 secrets

  • The maximum size of a parameter value is 4KB (a really long value)

  • Storage pricing is free

Advanced

  • Can store up to 100,000 secrets

  • The maximum size of a parameter value is 8KB

  • $0.05 per parameter per month


Here is an example of how to create our parameters:

1. First, log in to the AWS console, and in the search bar, you can filter for example by the “parameter” word, then click on Systems Manager.



2. On the left side, click on “Parameter Store”.




3. Then click on “Create parameter”.




4. Here we create one parameter of the previous hierarchy.



and then create on “Create parameter” at the bottom of the page.


Our first parameter was created.


Now we are going to create the second parameter, but this will be a SecureString.