AWS Systems Manager | Parameter Store Flashcards
Can I use my existing configuration management tools with AWS Systems Manager state manager?
Parameter Store
AWS Systems Manager | Management Tools
Yes. AWS provides pre-defined AWS Systems Manager documents to run Ansible playbooks or Salt States, and you can use PowerShell DSC on your instances using AWS Systems Manager state manager to mitigate configuration drift. You can also run any configuration scripts directly from your public or private GitHub repository.
What is AWS Systems Manager parameter store?
AWS Systems Manager provides a centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords. This allows you to separate your secrets and configuration data from your code. Parameters can be tagged and organized into hierarchies, helping you manage parameters more easily. For example, you can use the same parameter name, “db-string”, with a different hierarchical path, “dev/db-string” or “prod/db-string”, to store different values. Systems Manager is integrated with AWS Key Management Service (KMS), allowing you to automatically encrypt the data you store. You can also control user and resource access to parameters using AWS Identity and Access Management (IAM). Parameters can be referenced through other AWS services, such as Amazon Elastic Container Service, AWS Lambda, and AWS CloudFormation.
Why should I use AWS Systems Manager parameter store?
It is a best practice to store configuration data and secrets separately from your code. You can use AWS Systems Manager parameter store to quickly store and reference configuration and sensitive information. Rather than storing data in config files or referencing them in plain text, you can store and obtain this information in your applications or scripts. Additionally, you control who has access to parameters so that only the right set of users has access to the appropriate information.
How do you store sensitive data?
A secure string is any sensitive data that needs to be stored and referenced in a secure manner. If you have data that you do not want users to reference in clear text, or data that could be tampered with or misused, you should use secure strings in AWS Systems Manager parameter store. You can encrypt your sensitive data using your own AWS Key Management Service (KMS) key or the default key that AWS KMS provides for your user account.
From which services can I reference my parameters?
You can easily reference your parameters across AWS services such as Amazon Elastic Container Service, AWS Lambda, and AWS Systems Manager, or any service through which you can use the AWS Systems Manager parameter store APIs.
Can I track usage and provide access control to specific parameters?
Yes. You can provide granular access control through customized permissions to users and resources (such as instances) for parameter access using AWS Identity and Access Management (IAM). This means you can control who can access which parameter on what resource. You can also set up Amazon CloudWatch Events rules based on parameter change events, and you can track and audit parameter API calls using AWS CloudTrail.
Can I track changes to parameters?
Yes, you can see the history of parameter changes. You can also use versions, which are automatically incremented upon change, to look up a specific parameter value based on its version.
Can I store hierarchical data as parameters?
Yes, you can use a hierarchical structure to store parameters. You can also control and audit access at every level of the hierarchy.