Overview of SSM Parameter Store

Get an overview of how to use the SSM parameter store to manage configuration parameters.

We'll cover the following

So far, we’ve used environment variables and hardcoded EC2 user data scripts to manage our configuration (e.g., database URL, database username, or database password).

Note: While this approach is easy to explain and easy to use, it’s not optimal regarding security because the configuration is stored in the EC2 user data for everyone with the right permissions to see.

Let’s migrate the configuration data to more secure service, SSM parameter store.

SSM parameter store stands for “systems manager parameter store” and is a built-in AWS feature to manage configuration data. It supports plaintext data (String and StringList) as well as encrypted data (SecureString), so we can use it for both configuration and passwords.

Note: There is an alternative AWS service called Secrets Manager, which offers a very similar functionality to the SSM parameter store. The Secrets Manager as a few additional features like auto-rotation of passwords, but it does not have a free tier.

Objectives

Get hands-on with 1400+ tech skills courses.