Parameter Store
Secure, hierarchical storage for configuration data management and secrets management.
You can store data such as passwords, database strings, and license codes as parameter values.
Store configuration data and secure strings in hierarchies and track versions.
You can encrypt parameters using KMS.
You group parameters together through a naming convention that uses forward slashes. This is how you create hierarchies, and it allows you to fetch all parameters at different levels, e.g. /exampro/application/prod
You can choose a tier, which limits the number of parameters you can store and the maximum size of each value.
Type can be:
- String
- StringList: a comma-separated string
- SecureString: a string encrypted with KMS
Parameter Tiers
| | Standard | Advanced |
|---|---|---|
| Number of params / region | 10,000 | 100,000 |
| Max size of param value | 4kb | 8kb |
| Parameter policies | No | Yes |
| Cost | Free | $0.05 per parameter / month |
You can change a standard parameter to an advanced parameter at any time, but you can’t revert an advanced parameter to a standard parameter.
Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8kb to 4kb.
Parameter Policies
Parameter policies are helpful in forcing you to update or delete passwords. They are enforced using asynchronous, periodic scans. After you create a policy, you don’t need to perform additional actions to enforce the policy.
You can assign multiple policies to a parameter.
- Expiration: This policy deletes the parameter after a specified date and time.
- ExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the upcoming expiration.
- NoChangeNotification: This policy triggers an event in CloudWatch if a parameter has not been modified for a specified period of time. This policy type is useful when, for example, the password needs to be changed within a period of time.
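The sketch below is an added example, not part of the original notes. It builds the three policy types as the JSON string that the Systems Manager `put_parameter` call takes in `Policies`, and picks the tier from the limits in the table above. The parameter name, value and KMS alias are constructed placeholders, and the helper names are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

STANDARD_MAX_BYTES = 4 * 1024   # tier limits from the table above
ADVANCED_MAX_BYTES = 8 * 1024


def build_policies(expires_at, notify_days_before, no_change_days):
    """Return all three policy types as the JSON string put_parameter expects."""
    stamp = expires_at.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return json.dumps([
        {"Type": "Expiration", "Version": "1.0",
         "Attributes": {"Timestamp": stamp}},
        {"Type": "ExpirationNotification", "Version": "1.0",
         "Attributes": {"Before": str(notify_days_before), "Unit": "Days"}},
        {"Type": "NoChangeNotification", "Version": "1.0",
         "Attributes": {"After": str(no_change_days), "Unit": "Days"}},
    ])


def put_parameter_args(name, value, kms_key_id, policies=None):
    """Build keyword arguments for ssm.put_parameter for a SecureString."""
    if not name.startswith("/"):
        # This helper only handles names that are part of a hierarchy.
        raise ValueError("hierarchical names start with a forward slash")
    size = len(value.encode("utf-8"))
    if size > ADVANCED_MAX_BYTES:
        raise ValueError("value exceeds the 8 KB Advanced tier limit")
    # Policies and values over 4 KB are only available on the Advanced tier.
    tier = "Advanced" if policies or size > STANDARD_MAX_BYTES else "Standard"
    args = {"Name": name, "Value": value, "Type": "SecureString",
            "KeyId": kms_key_id, "Tier": tier}
    if policies:
        args["Policies"] = policies
    return args


if __name__ == "__main__":
    expiry = datetime.now(timezone.utc) + timedelta(days=90)
    args = put_parameter_args(
        "/exampro/application/prod/db_password",   # constructed name
        "constructed-sample-value",                # constructed value
        "alias/example-key",                       # hypothetical KMS alias
        build_policies(expiry, notify_days_before=15, no_change_days=60))
    print(json.dumps(args, indent=2))
    # With credentials configured: boto3.client("ssm").put_parameter(**args)
```

Because the tier is derived from the request, a parameter is only moved to the paid Advanced tier when it carries policies or a value over 4 KB, which matters since that change cannot be reverted.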