AWS System Manager Parameter Store

Question 1

Why is it a bad idea to pass secrects into EC2 or store long term passwords in the meta-data of an instance?

Answer 1

Passing secrets into an EC2 instance is bad practice because anyone who has access to the meta-data has access to the secrets.

Question 2

What does Parameter store allow you to do?

Answer 2

Parameter store allows for storage of configuration and secrets

• Strings
• StringList
• SecureString

Question 3

What can the parameter store allow you to store?

Answer 3

It can store license codes, database strings, and full configs and passwords (long term credentials such as access keys and short term use of IAM roles).

Question 4

Can you store plaintext as well as ciphertext using the parameter store?

Answer 4

Yes. This integrates with kms to encrypt passwords.

Question 5

Can you use hierarchies and versionin in the parameter store?

Answer 5

Yes

Question 6

Does the Parameter store allow you to define public parameters?

Answer 6

Yes

Question 7

How is the parameter store accessible?

Answer 7

It is a public service so any service needs access to the public sphere or to be an AWS public service.

Question 8

Mention typical products or services that use normally the parameter store:

Answer 8

• Applications, EC2 instances, lambda functions can all request access to parameter store.

Question 9

Are there any kind of events in the Store parameter?

Answer 9

Yes, changes can create events and this can start other processes in AWS.