What is AWS Systems Manager – Parameter Store ?

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. In storing data, values can be either plain text or encrypted data. 

You can reference Systems Manager parameters in your scripts, commands, SSM documents, and configuration and automation workflows by using the unique name that you specified when you created the parameter.

“All right, how to use the Parameter Store ?”

Open AWS Systems Manager then click Parameter Store in the left navbar.

If you have opened and used it, it would look like this :

So, Parameter Store gives a path instead of plain text or “naked” values. If you want to change the value, you can click any listed path there so you will be redirected to a page that contains the information :

Suppose you have an app named nooto which has Admin JSON Web Token (JWT) and decided to store it in Parameter Store.

Value :

xFdWpsMpbBL+**************************************************

(Possible) Path :

/nooto/prod/adminjwt

The path, /nooto/prod/adminjwt, is the important thing that you want to use in an environment variable which looks like this :

“What are the benefits ?“

The main benefit, personally in my opinion is, you do not have to change configuration such as environment variables which includes database strings, passwords, every time you change the value of the variables. 

The problem is client-side is not always one. Your app might have a mobile app, progressive web application (PWA), a desktop app, etc..

Imagine if you changed two variables, you would have made changes six times (3 client-sides x 2 variables that you change = 6 times).

Here are other benefits stated by AWS :

  • Able to use a secure, scalable, hosted secrets management service with no servers to manage.
  • Improve your security posture by separating your data from your code.
  • Store configuration data and encrypted strings in hierarchies and track versions.
  • Control and audit access at granular levels.

Similar Posts