Parameter Store has slowly become one of my favorite things about AWS. It makes it easy to share things between ECS tasks and services, and Lambdas. The parameters can be references inside of a CodeBuild
buildspec file, and it’s all language agnostic, which is handy if you are running different technologies across your infrastructure.
With support for both
SecureString parameter types, you can choose your own adventure in terms of how securely stored a parameter needs to be. I opt to use
SecureString for anything sensitive (passwords, API keys, and such) and
String for just about everything else.
While there is also a
StringList type, I do not ever use it. I’m sure it’s a fine parameter type, but as all it does is store a comma separated list of strings, and does not have a
SecureStringList counterpart, I do not see the need in reaching for it.
So let’s say you have a mix of
SecureString parameters. We know that if we want to fetch a
SecureStringwe have to pass in the
WithDecryption parameter when making the request. Does that mean we’ll have to make separate requests, one with
WithDecryption and one without
WithDecryption (or with it set to
Nope, as it turns out, the
WithDecryption value can be set when getting plain ol ‘
String parameter types. It’s smart enough to know that the value does not need decrypted and will return the value. Because of this, we can fetch both
SecureString parameter types together:
import * as AWS from 'aws-sdk'; const ssm = new AWS.SSM(); const parameters = await ssm.getParameters( Names: ['insecureParam', 'secureParam'], WithDecryption: true, ).promise();
Good stuff? Want more?
Weekly emails about technology, development, and sometimes sauerkraut.
100% Fresh, Grade A Content, Never Spam.