Parameter store provides a centralized store to manage your configuration data, whether plain-text data such as database strings or secrets such as passwords, encrypted through AWS KMS. With Parameter store, your critical information stays within your environment, saving you the manual overhead of storing and managing it in configuration files. Parameters can be easily re-used across your AWS configuration and automation workflows without having to type them in plain-text, improving your security posture. Parameters can be easily referenced across AWS services such as Amazon ECS and AWS Lambda, as well as other EC2 Systems Manager capabilities such as Run Command, State Manager, and Automation.

Through integration with AWS Identity and Access Management, you can provide access control to specific parameters, letting you provide access to the data only to the users who need them and on which resources they can be used. AWS Key Management Service (KMS) integration helps you encrypt your sensitive information and protect the security of your keys. Additionally, all calls to the parameter store are recorded with AWS CloudTrail so that they can be audited.

Get Started >>

Amazon EC2 Systems Manager is now generally available

Try Amazon EC2 Systems Manager for Free

You can create a secure string parameter with your domain join password, and then easily refer that password in your document as part of your State Manager association. Rather than remembering the domain password or giving it to someone to type in plain text, you create a parameter, provide access to the right users and easily refer it using a simple syntax.


Control access to specific parameters such as passwords, and also who can perform what set of operations on those parameters.

Easily deploy containerized applications across your Dev, Test, and Production environments at scale by creating environment-specific parameters and referencing them in your workflows. Also, perform on-going configuration management such as health checks at scale without having to type passwords in plain or clear text to log in to the instance.