AWS Systems Manager Parameter Store のアイコン

AWS Systems Manager Parameter Store Popular2017年〜

A hierarchical store for securely managing configuration data and secrets

About 2 min read

What It Does

AWS Systems Manager Parameter Store securely stores and manages application configuration values, database connection strings, API keys, and more. Parameters can be organized hierarchically, encrypted with KMS, access-controlled via IAM, and change history is tracked.

Use Cases

Managing application environment variables, securely storing database passwords and API keys, injecting configuration values into Lambda functions and ECS tasks, and switching configurations per environment (dev/stg/prod).

Everyday Analogy

Think of a locked filing cabinet. Documents (parameters) are organized by folder (hierarchy), locked (encrypted), and there's a log of who accessed what and when.

What Is Parameter Store?

Parameter Store is a service for centrally managing configuration data and secrets. It separates hardcoded values and secrets from your code for secure management. Parameters are organized with hierarchical paths like `/app/prod/db-password`, and IAM policies can control access at the path level.

Parameter Types

Parameter Store supports three parameter types. String is a plaintext string. StringList is a comma-separated list of strings. SecureString is a KMS-encrypted string used for passwords and API keys. Standard parameters are free (up to 10,000), while Advanced parameters are paid and support TTL (expiration) and parameter policies. For practical tips on using parameter types, technical books on Amazon are a useful resource.

Getting Started

In the Systems Manager console under "Parameter Store," select "Create parameter." Specify the name (hierarchical path), type, and value. Retrieve parameters from Lambda functions or ECS tasks using the AWS SDK's GetParameter API. You can also reference parameters directly from CloudFormation templates using dynamic references ({{resolve:ssm:...}}).

Things to Watch Out For

  • Standard parameters are free with a limit of 10,000. This is sufficient for most use cases
  • If you need secret rotation, Secrets Manager is more appropriate - Parameter Store lacks rotation capabilities
  • KMS charges apply for encrypting/decrypting SecureString parameters
共有するXB!

Related Services

AWS Secrets Manager iconAWS Secrets ManagerSecurely manage and automatically rotate database passwords and API keysAWS KMS iconAWS KMSA managed encryption key service for securely creating and managing keys used to encrypt dataAWS Lambda iconAWS LambdaA serverless compute service that runs code without server managementAWS Systems Manager iconAWS Systems ManagerAn operations management service for centrally managing AWS resources and on-premises servers

Related Articles

Managing Configuration and Secrets with AWS Systems Manager Parameter Store - Hierarchical Structure and EncryptionLearn how to manage configuration values and secrets with Parameter Store, design hierarchical parameter structures, and choose between Parameter Store and Secrets Manager.

More in This Category

AWS AppFabric iconAWS AppFabric NewA service that standardizes and aggregates audit logs from SaaS applicationsAWS AppConfig iconAWS AppConfig SpecializedA service for safely deploying and managing application configurationAWS Chatbot iconAWS Chatbot SpecializedAn interactive agent that delivers AWS notifications and enables resource operations through Slack and Microsoft TeamsAWS CloudFormation iconAWS CloudFormation EssentialAn IaC service that defines and provisions AWS resources as code using templatesAWS CloudTrail iconAWS CloudTrail EssentialA service that records and monitors API activity in your AWS accountAmazon CloudWatch iconAmazon CloudWatch EssentialA service that provides monitoring, log management, and alarms for AWS resources and applicationsAWS Config iconAWS Config PopularA service that records and evaluates AWS resource configuration changes and continuously monitors complianceAWS Control Tower iconAWS Control Tower PopularA service that automates multi-account environment setup and governance

Similar Articles and Services

Managing Configuration and Secrets with AWS Systems Manager Parameter Store - Hierarchical Structure and EncryptionLearn how to manage configuration values and secrets with Parameter Store, design hierarchical parameter structures, and choose between Parameter Store and Secrets Manager.AWS Systems ManagerA service that centralizes operational management of EC2 instances and on-premises servers, enabling patch application, command execution, parameter management, and session connections securely without SSHAWS Secrets ManagerA service for securely storing, retrieving, and automatically rotating secrets such as database passwords and API keys, eliminating hard-coded credentialsAWS Secrets Manager - Automatic Rotation and Application IntegrationAutomatically rotate RDS and Aurora passwords with Lambda functions and seamlessly retrieve secrets from applications using the SDK caching library. Also covers when to use Parameter Store instead.