Parameter Store

What is Parameter Store?

Parameter Store provides secure, hierarchical storage for configuration data and secrets management with built-in version control.

Hierarchical: Organize with path-based structure

Versioned: Track parameter changes over time

Encrypted: KMS encryption for sensitive data

Parameter Types

String

Plain text data, up to 4KB (Standard) or 8KB (Advanced)

StringList

Comma-separated values, same size limits

SecureString

Encrypted with KMS, for sensitive data

Standard Tier

Parameters: 10,000 per account/region

Size: Up to 4KB per parameter

Policies: Not available

Cost: Free

Advanced Tier

Parameters: 100,000 per account/region

Size: Up to 8KB per parameter

Policies: Expiration, notifications

Cost: $0.05 per parameter/month

Hierarchical Structure Example

                            /myapp/

                              /dev/

                                /database/url

                                /database/password

                                /api/key

                              /prod/

                                /database/url

                                /database/password

                                /api/key

Expiration

Set expiration date
EventBridge notification
Automatic deletion option
Advanced tier only

Notifications

Parameter changes
Expiration warnings
EventBridge integration
SNS notifications

Versioning

Automatic version tracking
Up to 100 versions
Retrieve specific versions
Version labels support

Integration

Lambda environment variables
ECS task definitions
CloudFormation
Secrets Manager reference

Security

IAM-based access control
KMS encryption for SecureString
CloudTrail logging
VPC endpoint support

Retrieval

Get single parameter
Get by path (hierarchical)
Batch retrieval
Decrypt on retrieval

vs Secrets Manager

Parameter Store: Free (Standard)
Secrets Manager: $0.40/secret
No automatic rotation in PS
PS better for config data

Exam Strategy Tip

Remember: Parameter Store Standard tier is free with 10,000 parameters. Use hierarchical paths for organization. SecureString type uses KMS encryption. Choose Parameter Store for configuration data, Secrets Manager for automatic rotation.

Back to Patch Manager Next: Automation