📖 What is AWS Systems Manager Parameter Store?
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. It allows applications to retrieve parameters such as database strings or license keys without hardcoding them directly into the application source code.
"Distinguish this from Secrets Manager by remembering that Parameter Store is often free for standard parameters and does not support automatic password rotation."
📚 Certification: AWS Certified Solutions Architect - Associate (SAA-C03)
🔑 What are the Key Concepts of AWS Systems Manager Parameter Store?
- Supports three parameter types: String, StringList, and SecureString, with the latter using AWS KMS for encryption of sensitive data.
- Utilizes a hierarchical naming structure (e.g., /env/app/db_url) to organize configurations and simplify IAM permission management via path-based policies.
- Decouples configuration from application code, allowing developers to update settings in real-time without redeploying the entire application or updating environment variables.
- Provides automatic versioning for every parameter change, enabling easy auditing of configuration history and the ability to roll back to previous versions.
- Offers Standard parameters for free with basic limits, and Advanced parameters for a fee to support larger payloads and higher throughput.
🎯 How does AWS Systems Manager Parameter Store appear on the SAA-C03 Exam?
You may be asked to select the most cost-effective service for storing non-rotating configuration data and secrets across multiple EC2 instances.
A scenario might describe a need to manage environment-specific settings for Dev, Test, and Prod using a single service with granular access control.
Expect questions where you must choose Parameter Store over Secrets Manager when automatic password rotation is not a requirement for the solution.
❓ Frequently Asked Questions
When should I choose Parameter Store over AWS Secrets Manager?
Choose Parameter Store for general configuration data or secrets that do not require automatic rotation. Use Secrets Manager when you need built-in rotation for RDS or third-party APIs and can afford the per-secret monthly cost.
How do I restrict access to parameters based on the environment?
Use a hierarchical path structure like /prod/ or /dev/ and create IAM policies that use the 'Resource' element with wildcards to grant access only to specific paths.
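A path-scoped policy of the kind described above, as an added example that is not part of the original page. The region, the account ID 111122223333 and the key ID EXAMPLE-KEY-ID are placeholders, and the second statement assumes the SecureString parameters under /prod/ are encrypted with a customer managed KMS key.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadProdParametersOnly",
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:GetParametersByPath"
      ],
      "Resource": "arn:aws:ssm:us-east-1:111122223333:parameter/prod/*"
    },
    {
      "Sid": "DecryptProdSecureStrings",
      "Effect": "Allow",
      "Action": "kms:Decrypt",
      "Resource": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
    }
  ]
}
```

Keep the slash before the wildcard: `parameter/prod/*` matches only names under /prod/, while `parameter/prod*` would also match a path such as /production/. Because nothing in the policy allows /dev/ paths, requests for those parameters are denied by default.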
Can Parameter Store be used to store large configuration files?
No, Parameter Store has strict size limits (4 KB for standard parameters). For larger configuration files or complex objects, store the file in Amazon S3 and store the S3 URI in Parameter Store.