Posted On: Jun 22, 2017
Amazon EC2 Systems Manager now supports parameter hierarchy, tagging, and notifications, available through the Parameter Store capability.
Previously, managing parameters in multiple deployment environments required creating different parameters, even though each environment could have similar secrets or variables. This made it hard to organize, track, and manage parameters. Now you can use parameter hierarchy to define a parameter within a path, adding organizational structure and reducing the manual overhead of creating multiple parameters. This also allows you to query parameters by a path and create a single AWS Identity and Access Management (IAM) policy to manage similar parameters. Parameters can still individually be deleted or set to IAM policies, but now you can also perform these actions in bulk by specifying hierarchy paths.
Parameters can now also be tagged, allowing you to easily categorize, filter, and control access depending on your business or IT needs. Tagging can be used with IAM policies to increase the control and security of parameters. For example, production passwords can be tagged and an IAM policy can be created that restricts access to only list the parameters, not the values. This creates a dynamic IAM policy depending on which parameters are included in the tag.
Additionally, notifications and events can now be triggered based on the state of the parameter. You can receive an Amazon Simple Notification Service (SNS) alert when a parameter is updated, deleted, or accessed. Through Amazon CloudWatch Events, a change to a parameter could initiate an AWS Lambda function, such as when you want to reset database connections when a password is updated.
Systems Manager is available in all regions.
For more information about Systems Manager Parameter Store, visit our Product Page.