Parameter Store, a capability of AWS Systems Manager, provides secure, encrypted storage for configuration data management and credentials/security management. We can store passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values, either as plain text or as encrypted data. You can reference Systems Manager parameters in your scripts, commands, SSM documents, and automation workflows by using the unique name you specified when you created the parameter.
It is integrated with AWS Secrets Manager, which manages the passwords and password policy. To access it, open the Systems Manager console and choose Parameter Store from the menu.
Parameter Store Benefits
- Improvement of security
- Separation of data from code
- Audit and access the passwords
- Reliability: parameters stored in different regions
- Store configuration and data encrypted
Parameter Store Features
- Modify/configure notification preferences on parameter policies.
- Can restrict access to parameters by creating an AWS Identity and Access Management (IAM) policy that specifies the tags that a user or group can access.
- Labelling of multiple parameter versions
- Validation of parameters after creation
- Parameter store integration
- Accessible from most of the AWS services
Any piece of information that is saved in the Parameter Store, such as a block of text, a list of names, a password, an AMI ID, a licensing key, and so on, is referred to as a Parameter Store Parameter.
String, StringList, and SecureString are the three parameter types that Parameter Store supports.
To ensure that the value you submit is in the right format for an Amazon EC2 AMI, you can define the data type for String parameters as aws:ec2:image.
By default, a String parameter contains any block of text you enter.
StringList parameters contain comma-separated lists of values.
Sensitive data is stored in encrypted form. The SecureString parameter type can be used to encrypt textual data, including passwords, application secrets, private configuration information, and any other kinds of information you want to keep private. An AWS KMS key is used to encrypt and decrypt SecureString data.
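The type rules above can be checked across an existing set of parameters. The following is an added example, not AWS's or the original page's code: it audits records shaped like the "Parameters" list returned by the SSM DescribeParameters API and flags secret-looking names not stored as SecureString, and AMI parameters missing the aws:ec2:image data type. The name patterns and the sample records are assumptions made for the example.

```python
import re

# Name fragments that suggest a secret (assumed list; tune it for your naming scheme).
SENSITIVE = re.compile(
    r"(password|passwd|secret|token|api[_-]?key|license|credential)", re.I)
# Name fragments that suggest an AMI ID (also an assumption of this example).
AMI_HINT = re.compile(r"(^|[/_-])ami([/_-]|$)", re.I)


def audit_parameters(parameters):
    """Return (name, finding) tuples for parameter metadata records.

    Each record uses the Name, Type and DataType fields of the SSM
    DescribeParameters response; parameter values are never needed.
    """
    findings = []
    for p in parameters:
        name, ptype = p["Name"], p["Type"]
        data_type = p.get("DataType", "text")  # "text" is the default data type
        if SENSITIVE.search(name) and ptype != "SecureString":
            findings.append(
                (name, f"secret-looking name stored as {ptype}; use SecureString"))
        if ptype == "String" and AMI_HINT.search(name) and data_type != "aws:ec2:image":
            findings.append(
                (name, "AMI parameter without data type aws:ec2:image"))
    return findings


# Constructed sample records (not real account data).
SAMPLE = [
    {"Name": "/prod/db/password", "Type": "String", "DataType": "text"},
    {"Name": "/prod/db/connection-secret", "Type": "SecureString",
     "KeyId": "alias/aws/ssm", "DataType": "text"},
    {"Name": "/prod/web/ami-id", "Type": "String", "DataType": "text"},
    {"Name": "/prod/web/golden-ami", "Type": "String", "DataType": "aws:ec2:image"},
    {"Name": "/prod/app/license-keys", "Type": "StringList", "DataType": "text"},
    {"Name": "/prod/app/allowed-regions", "Type": "StringList", "DataType": "text"},
]

if __name__ == "__main__":
    for name, finding in audit_parameters(SAMPLE):
        print(f"{name}: {finding}")
```

Because the check reads only parameter metadata, it can run under a role that is not granted permission to read or decrypt parameter values.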
Setting Up Parameter Store
Before creating parameters in Parameter Store, a feature of AWS Systems Manager, configure AWS Identity and Access Management (IAM) policies that grant users in your account access to the actions you define.
This section covers configuring these policies manually in the IAM console and assigning them to users and user groups.
You can also create and assign policies that limit which parameter actions can be run on a managed node.
This section also explains how to set up Amazon EventBridge rules so you can get alerts whenever a parameter in Systems Manager changes.
Additionally, you may use EventBridge rules to trigger additional AWS operations depending on modifications to the Parameter Store.