Menu
Amazon EC2 Systems Manager
User Guide

Systems Manager Parameter Store

Amazon EC2 Systems Manager Parameter Store provides secure storage for configuration data such as passwords, database strings, and license codes. You can store parameters as plain text or as encrypted objects. You can then reference these parameters in your scripts and commands without having to type parameters in plain text. Additionally, you can reference parameters across your AWS configuration and automation workflows. This improves your overall security posture.

Parameter Store also simplifies the process of managing configuration data by storing the data in one, secure location instead of in configuration files across your fleet. You can reference parameters across AWS services such as Amazon EC2 Container Service and AWS Lambda. You can also reference parameters in other Systems Manager capabilities such as Run Command, State Manager, and Automation.

Parameter Store integrates with AWS Identity and Access Management (IAM) to control parameter access. You can specify which users have access to parameters and on which resources those parameters can be used. Parameter Store integrates with AWS Key Management Service so that you can encrypt your sensitive information and protect the security of your keys. Additionally, AWS CloudTrail records all calls to Parameter Store so that you can audit usage.

Getting Started with Parameter Store

To get started with Parameter Store, complete the following tasks.

Task For More Information

Learn about Systems Manager Parameters

About Parameter Store Parameters

Learn about how to use different types of Systems Manager parameters

Using Parameters

Using Secure String Parameters

Configure access to Systems Manager parameters

Control Access to Systems Manager Parameters

Create a parameter using either the Amazon EC2 console or the AWS CLI

Systems Manager Parameter Store Walkthroughs

Related Content

The following blog posts provide additional information about Parameter Store and how to use this capability with other AWS services.