
AWS SSM parameter store reliability

I am looking at using AWS SSM Parameter Store to store secrets such as database connection strings for applications deployed on EC2, Elastic Beanstalk, Fargate Docker containers, etc.

The linked document states that the service is "Highly scalable, available, and durable", but I can't find more details on what exactly that means. For example, is it replicated across all regions?

Is it best to:

a) read secrets from the parameter store at application startup (i.e. rely on it being highly available and scalable, even if, say, another region has gone down)?

or

b) read and store secrets locally when the application is deployed? Arguably less secure, but it means that any unavailability of the Parameter Store service would only impact deployment of new versions.

If you want to go with the Parameter Store, go with your option a, and fail the app if the get-parameter call fails. (This happens; I have seen rate limiting happening for Parameter Store API requests.) See here.

Or

The best option is AWS Secrets Manager. Secrets Manager is a superset of the Parameter Store. It supports RDS password rotation and many more. Also, it's paid.

Just checked the unthrottled throughput of SSM. It is not in the spec, but it is ca. 50 req/s.
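
Option (a) with the fail-on-error behaviour and the rate limiting mentioned in the answers, as an added sketch that is not code from the original posts. It assumes boto3's SSM client, a hypothetical parameter name `/myapp/prod/db_url` and a hypothetical `DB_PARAM` environment variable; only throttling errors are retried, anything else stops the application.

```python
import os
import random
import time

# AWS error codes treated as transient throttling; everything else is fatal.
THROTTLE_CODES = {"ThrottlingException", "TooManyRequestsException", "RequestLimitExceeded"}


def _error_code(exc):
    """Return the AWS error code carried by a botocore ClientError-style exception."""
    response = getattr(exc, "response", None) or {}
    return response.get("Error", {}).get("Code", "")


def load_secret(ssm, name, attempts=5, base_delay=0.2, sleep=time.sleep):
    """Fetch one SecureString at startup; retry only throttling, then fail."""
    for attempt in range(1, attempts + 1):
        try:
            resp = ssm.get_parameter(Name=name, WithDecryption=True)
            return resp["Parameter"]["Value"]
        except Exception as exc:
            code = _error_code(exc)
            if code not in THROTTLE_CODES or attempt == attempts:
                # Fail closed: no fallback to a default or stale secret.
                raise RuntimeError(f"cannot load {name}: {code or type(exc).__name__}") from exc
            # Exponential backoff with full jitter so instances that start
            # together do not retry in lockstep against the same rate limit.
            sleep(random.uniform(0, base_delay * 2 ** (attempt - 1)))


def main():
    import boto3  # imported here so load_secret stays testable offline

    # Hypothetical parameter name; the value is kept in process memory only.
    name = os.environ.get("DB_PARAM", "/myapp/prod/db_url")
    db_url = load_secret(boto3.client("ssm"), name)
    print("loaded secret of length", len(db_url))  # never log the value itself


if __name__ == "__main__":
    main()
```
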
