AWS Management Tools Blog

Use Parameter Store to Securely Access Secrets and Config Data in AWS CodeDeploy

by Ananth Vaidyanathan | on |

Customers use AWS CodeDeploy to automate application deployment because it provides a uniform method for:

  • Updating applications across development, staging, and production environments.
  • Handling the complexity of updating applications and avoiding service downtime.

However, deploying and configuring applications often requires access to secrets and configuration data, such as API keys or database passwords, in source code. This is challenging because:

  • Config data might be hard-coded in plaintext in the source code or accessed from config files (or other locations) manually. This is not scalable, and more important, from a security standpoint, not recommended.
  • Providing granular access control is difficult, especially if the parameters are used in customer-facing or production infrastructure.
  • Data is sometimes stored outside your environment crossing trust boundaries, and requiring more tools to manage.

You’ll find more information about Parameter Store in a blog post, Managing Secrets for Amazon ECS Applications Using Parameter Store and IAM Roles for Tasks, recently published by my colleague, Stas Vonholsky.

In this blog post, I will talk about how you can simplify your AWS CodeDeploy workflows by using Parameter Store to store and reference a configuration secret. This not only improves your security posture, it also automates your deployment because you don’t have to manually change configuration data in your source code.


Interesting Articles on EC2 Systems Manager Parameter Store

by mt | on |

Recently, we have seen a few interesting articles on using Parameter Store, part of EC2 Systems Manager, to store and access secrets on AWS.

In his post, Simple Secrets Management via AWS’ EC2 Parameter Store, Matt Adorjan shows how to protect your AWS environment by securely storing secrets with Parameter Store and controlling access to secrets with AWS Identity and Access Management (IAM).

In the Secrets in AWS post, Stephen Price describes how you can use Parameter Store to manage and use secrets in your favorite programming language. This Parameter Store capability makes it easy to handle secrets for cloud-based architectures, such as microservices or containerized applications.

Finally, in the Using Parameter Store with AWS CodePipeline post by Trey McElhattan from Stelligent, you can learn about using Parameter Store and AWS CodePipeline as part of your continuous delivery pipeline.

Analyze Security, Compliance, and Operational Activity Using AWS CloudTrail and Amazon Athena

by Stas Neyman | on |



A few days ago, The AWS Big Data Blog published a new blog post: “Analyze Security, Compliance, and Operational Activity Using AWS CloudTrail and Amazon Athena.”

In this blog post, AWS Professional Services Consultant Sai Sriparasa shows how to set up and use the recently released Amazon Athena CloudTrail SerDe to query AWS CloudTrail log files for Amazon EC2 security group modifications, console sign-in activity, and operational account activity. This post assumes that you already have CloudTrail configured.

To read the whole post, see Analyze Security, Compliance, and Operational Activity Using AWS CloudTrail and Amazon Athena.

Using AWS OpsWorks for Chef Automate to Manage EC2 Instances with Auto Scaling

by Stas Neyman | on |

Amazon EC2 instances are often created and destroyed as demand dictates. Auto Scaling is great for dynamically scaling servers so that EC2 resources are consumed only when they are necessary. This blog post will show you how to connect EC2 instances created by an Auto Scaling group to an AWS OpsWorks for Chef Automate server. When EC2 instances are launched in an Auto Scaling group, they will be added to the Chef Automate node list and configured. New nodes will be added automatically when the group scales up and removed when it scales down.

A Year in AWS Config and AWS Config Rules

by mt | on |

AWS Config is a fully managed service that provides AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. You can use AWS Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config. Over the last year, we expanded the service coverage for Config in 7 new regions, and expanded support for Config rules in 9 new regions. We added support for 15 resource types from 6 new services, and developed 18 new managed rules. Let’s look back on these significant new features and updates to Config and Config Rules that we introduced in 2016.


A Review of AWS CloudFormation Releases in 2016

by mt | on |

AWS CloudFormation allows developers and systems administrators to create and manage a collection of related AWS resources (called a stack) by provisioning and updating them in an orderly and predictable way. In this blog post, we will look back on the CloudFormation features and updates introduced in 2016, including:

  • New AWS resources you can provision with CloudFormation.
  • AWS CodePipeline integration to enable continuous delivery of infrastructure.
  • Support for YAML and the AWS Serverless App Model (AWS SAM) to improve the developer experience.
  • Change sets and cross-stack references to enhance ClouldFormation stack management capabilities.


Introducing the AWS Management Tools Blog

by mt | on |

Today, we are excited to launch the new Management Tools Blog. The AWS Management Tools are a group of services that help you provision, configure, monitor, track, audit, and cost manage your AWS and on-premises resources.

This blog will cover a range of topics, including new feature updates, tips and tricks, as well as sample apps and templates. In addition to providing deep technical coverage of the latest features, we will also spend time discussing existing features and use-cases for the suite of Management Tools services. We hope this blog will be a useful resource in helping you operate your infrastructure at scale on AWS.

To see future updates, check back often, follow our social media accounts, or subscribe to our blog using the RSS feed button at the top of the page.