SSM Parameter Store

Icon

Systems Manager

About

• Secure storage for configuration and secrets.

• Has seamless encryption using KMS, optional.

• Serverless, scalable, durable and easy to use SDK.

• Version tracking of configuration/secrets changes.

• Security is provided through IAM.

• Notifications with Amazon EventBridge.

• Integration with CloudFormation.

• Unlike Secret Manager, rotation of secrets is not possible directly but can do it via EventBridge integration.

• Its also possible to access secrets of secret manager through parameter store available at this location.

      /aws/reference/secretsmanager/<secret_ID_in_Secrets_Manager>

• There are also public parameters available at following hierarchy

      /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

• Can pull secrets from secret manager using SSM Parameter Store API.

Tiers

• There are two types of tiers.

Tiers of SSM

Parameter Policies

• Allows to assign TTL based on which parameters will be deleted.

• Can assign multiple policies at a time.

• Can be integrated with Event Bridge.

CLI

1. Get Parameters

       aws ssm get-parameters --names <path-to-parameter> <path-to-parameter>

2. Get Parameters with decryption

       aws ssm get-parameters --names <path-to-parameter> --with-decryption

   • Will check the kms permission to allow decryption.

3. Get Parameters by path

       aws ssm get-parameters-by-path --path <path>

4. Get Parameters by path recursilvely,

       aws ssm get-parameters-by-path --path <path> --recursive