megapixel23

Reputation: 855

AWS secure storage for shared configurations

I have a bunch of applications on AWS and some of the configurations (database connection strings, API keys, etc.) are used by multiple applications. So is there a way to store all configurations in some secure storage with a convenient API? Does AWS provide this kind of service?

Upvotes: 3

Views: 83

Answers (1)

Rodrigo Murillo

Reputation: 13648

Check out the new Systems Manager Parameter Store, which is designed for the secure, centralized management of application secrets.

AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, and license codes as parameter values. You can store values as plain text or encrypted data. You can then reference values by using the unique name that you specified when you created the parameter. Highly scalable, available, and durable, Parameter Store is backed by the AWS Cloud. Parameter Store is offered at no additional charge and includes generous limits.

The Parameter Store service offers advantages over using S3 - a common way to secure secrets before the Parameter Store. These advantages include:

  • Easy creation of namespaces to support different stages of the application lifecycle.
  • KMS integration that abstracts parameter encryption from the application while requiring the instance or container to have access to the KMS key and for the decryption to take place locally in memory.
  • Stored history about parameter changes.
  • A service that can be controlled separately from S3, which is likely used for many other applications.
  • A purpose-built configuration data store, reducing overhead from implementing multiple systems.
  • No usage costs.

Upvotes: 3
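
The per-stage namespaces and encrypted values described in the answer above, as an added example that is not part of the original answer: several applications load the same shared settings by path prefix. `load_config`, `FakeSSM`, and the `/shared/...` parameter names and values are hypothetical and constructed for illustration; `get_parameters_by_path` with `Recursive` and `WithDecryption` is the real boto3 SSM call, and `FakeSSM` stands in for `boto3.client("ssm")` so the block runs offline.

```python
def load_config(ssm, prefix):
    """Return {relative_name: value} for every parameter under `prefix`.

    `ssm` is boto3.client("ssm") in real use. WithDecryption=True asks for
    SecureString values in plaintext, so the caller's IAM role needs
    ssm:GetParametersByPath on the path and kms:Decrypt on the key.
    """
    path = "/" + prefix.strip("/")
    skip = len(path.rstrip("/")) + 1  # drop "<path>/" from each returned name
    config = {}
    paginator = ssm.get_paginator("get_parameters_by_path")
    for page in paginator.paginate(Path=path, Recursive=True, WithDecryption=True):
        for param in page["Parameters"]:
            config[param["Name"][skip:]] = param["Value"]
    return config


class FakeSSM:
    """Constructed offline stand-in for the boto3 SSM client (not AWS code)."""

    def __init__(self, params, page_size=2):
        self.params, self.page_size = params, page_size

    def get_paginator(self, operation):
        assert operation == "get_parameters_by_path"
        return self

    def paginate(self, Path, Recursive, WithDecryption):
        root = Path.rstrip("/") + "/"  # match whole hierarchy levels only
        hits = [{"Name": n, "Type": t,
                 "Value": v if WithDecryption or t != "SecureString" else "<ciphertext>"}
                for n, (t, v) in sorted(self.params.items()) if n.startswith(root)]
        for i in range(0, len(hits), self.page_size):
            yield {"Parameters": hits[i:i + self.page_size]}


# Constructed sample parameters: one namespace per stage, shared by all apps.
SAMPLE = {
    "/shared/prod/db/connection-string": ("SecureString", "postgres://app@db.example.internal/prod"),
    "/shared/prod/api/payments-key": ("SecureString", "constructed-prod-key"),
    "/shared/prod/region": ("String", "eu-west-1"),
    "/shared/dev/db/connection-string": ("SecureString", "postgres://app@db.example.internal/dev"),
    "/shared/production-legacy/region": ("String", "us-east-1"),
}

if __name__ == "__main__":
    # Print names only; decrypted values should not reach logs.
    print(sorted(load_config(FakeSSM(SAMPLE), "/shared/prod")))
```

Scoping each application's IAM role to its own stage prefix (for example only `/shared/prod/*`) keeps a dev workload from reading production secrets even though both call the same loader.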
