General AWS Systems Manager Parameter Store Concepts
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management.
It is highly scalable, available, and durable.
You can store data such as passwords, database strings, and license codes as parameter values.
You can store values as plaintext (unencrypted data) or ciphertext (encrypted data).
You can then reference values by using the unique name that you specified when you created the parameter.
There are no additional charges for using SSM Parameter Store. However, there is a limit of 10,000 parameters per account.
Benefits and features
Use a secure, scalable, hosted secrets management service with no servers to manage.
Improve your security posture by separating your data from your code.
Store configuration data and secure strings in hierarchies and track versions.
Control and audit access at granular levels.
Configure change notifications and trigger automated actions for both parameters and parameter policies.
Tag parameters individually, and then secure access from different levels, including operational, parameter, Amazon EC2 tag, and path levels.
Reference AWS Secrets Manager secrets by using Parameter Store parameters.
Use Parameter Store parameters with other Systems Manager capabilities and AWS services to retrieve secrets and configuration data from a central store.
Parameter Store can hold strings such as license keys to pass to EC2 instances.
Parameters can be encrypted using KMS.
The data can then be referenced by the name of the parameter it is stored under.
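The points above about plaintext versus ciphertext values, KMS encryption, and hierarchies with path-level access can be checked against an account's parameter metadata. The following is an added example, not part of the original notes: the name patterns, finding labels, and sample records are assumptions made for illustration, and the records are constructed in the shape of the `Parameters` list returned by `ssm:DescribeParameters`.

```python
import re

# Name fragments that suggest a secret (assumption: tune to your own naming scheme).
SECRET_HINT = re.compile(r"(pass(word)?|secret|token|api[_-]?key|license|credential)", re.I)
DEFAULT_KEY = "alias/aws/ssm"  # AWS managed key used when no KeyId is supplied


def audit_parameter(meta):
    """Return a list of findings for one DescribeParameters metadata record."""
    name, ptype = meta["Name"], meta["Type"]
    findings = []
    if ptype != "SecureString" and SECRET_HINT.search(name):
        findings.append("plaintext-secret")   # stored as String/StringList, not ciphertext
    if ptype == "SecureString" and meta.get("KeyId", DEFAULT_KEY) == DEFAULT_KEY:
        findings.append("default-kms-key")    # key policy of an AWS managed key cannot be edited
    if not name.startswith("/"):
        findings.append("no-hierarchy")       # cannot be scoped by a path-level IAM policy
    return findings


def audit(parameters):
    """Map parameter name -> findings, omitting parameters with none."""
    report = {}
    for meta in parameters:
        found = audit_parameter(meta)
        if found:
            report[meta["Name"]] = found
    return report


# Constructed sample records (metadata only; no parameter values are read).
SAMPLE = [
    {"Name": "/prod/app/db/password", "Type": "SecureString", "KeyId": "alias/prod-app"},
    {"Name": "/prod/app/db/host", "Type": "String"},
    {"Name": "/prod/app/license_key", "Type": "String"},
    {"Name": "/dev/app/api-token", "Type": "SecureString", "KeyId": "alias/aws/ssm"},
    {"Name": "smtp_password", "Type": "StringList"},
]

if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(f"{name}: {', '.join(found)}")
```

Because the audit reads only metadata, the role that runs it needs `ssm:DescribeParameters` but neither `ssm:GetParameter` nor `kms:Decrypt`.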
The growing list of AWS services that support Parameter Store parameters includes the following:
- Amazon Elastic Compute Cloud (Amazon EC2).
- Amazon Elastic Container Service (Amazon ECS).
- AWS Lambda.
- AWS CloudFormation.
- AWS CodeBuild.
- AWS CodeDeploy.
You can also configure integration with the following AWS services for encryption, notification, monitoring, and auditing:
- AWS Key Management Service (AWS KMS).
- Amazon Simple Notification Service (Amazon SNS).
- Amazon CloudWatch.
- AWS CloudTrail.