How and When to Use AWS Parameter Store
Overview
AWS Systems Manager Parameter Store and AWS Secrets Manager are both used to manage configuration data and secrets securely. However, they serve slightly different purposes and have different features.
Note: Parameter Store is a feature of Systems Manager. So its path is as follows:
When to Use Parameter Store
Parameter Store is ideal when:
- You need to store less sensitive configuration data, such as application settings, environment variables, or non-critical credentials.
- You want a straightforward way to store key-value pairs.
- You require hierarchical organization of parameters, allowing you to organize parameters by path (e.g., /dev/db/hostname).
- You are looking for a service that is integrated with AWS services such as AWS Lambda, EC2, and CloudFormation without additional costs (for standard parameters).
Key Features of Parameter Store
- Standard and Advanced Parameters: Standard parameters are free up to 10,000 parameters per account, and advanced parameters have a cost and allow larger value sizes and more frequent parameter updates.
- Secure Strings: You can store sensitive data as secure strings, encrypted using AWS KMS.
- Parameter Versioning: Every update to a parameter creates a new version.
- Automation & Notifications: Integrates with AWS services for automation and notifications.
How to Use Parameter Store in Lambda and Node.js Applications
1. Setting Up Parameters in Parameter Store
Create a Parameter:
- Go to the AWS Systems Manager Console.
- Navigate to Parameter Store under Application Management.
- Click Create parameter.
- Enter a Name (you can use a hierarchical structure like /myapp/dev/db-password).
- Select a Type (String, StringList, or SecureString).
- Enter the Value.
- Click Create parameter.
2. Accessing Parameters
To access the parameter in a Lambda function, you’ll use the AWS SDK for JavaScript (v3):
- Install the AWS SDK:

    npm install @aws-sdk/client-ssm

- Access the Parameter:

    import { SSMClient, GetParameterCommand } from "@aws-sdk/client-ssm";

    // Create the client once so warm Lambda invocations reuse it.
    const client = new SSMClient({ region: "your-region" });

    const getParameterValue = async (parameterName: string): Promise<string | undefined> => {
      const command = new GetParameterCommand({
        Name: parameterName,
        WithDecryption: true, // Set to true for SecureString
      });
      try {
        const data = await client.send(command);
        return data.Parameter?.Value;
      } catch (err) {
        console.error("Error fetching parameter:", err);
        throw err;
      }
    };

    // Example usage: confirm the value loaded without writing the secret to the logs
    getParameterValue("/myapp/dev/db-password")
      .then(value => console.log("Parameter loaded:", value !== undefined))
      .catch(console.error);
Best Practices
- Hierarchical Parameter Naming: Use a structured naming convention to organize your parameters (/app/environment/service/parameter-name).
- Secure Strings: Use SecureString for any sensitive information, such as passwords or API keys.
- Least Privilege Access: Ensure that only the necessary IAM roles and users have access to the parameters, especially those marked as SecureString.
- Environment-Specific Parameters: Store different parameters for different environments (e.g., /myapp/dev/, /myapp/prod/) to manage configuration for multiple environments.
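The least-privilege and environment-specific practices above, shown as an added example that is not part of the original article: TypeScript that builds an IAM read policy scoped to one /app/environment/ path and checks it against sample parameter ARNs. The function names, account ID, region and KMS key ARN are assumptions for illustration, and the matcher is a simplified stand-in for IAM's own evaluation.

```typescript
// Added example. Account ID, region and KMS key ARN are constructed values.
type Statement = { Effect: "Allow"; Action: string[]; Resource: string[] };
type Policy = { Version: "2012-10-17"; Statement: Statement[] };

const SEGMENT = /^[A-Za-z0-9_.-]+$/; // rejects "/", "*" and "?" in a segment

// Read-only policy for parameters under /<app>/<env>/ (hypothetical helper).
function buildReadPolicy(region: string, accountId: string, app: string,
                         env: string, kmsKeyArn: string): Policy {
  for (const seg of [app, env]) {
    if (!SEGMENT.test(seg)) throw new Error(`invalid path segment: ${seg}`);
  }
  // The trailing "/*" matters: "parameter/myapp/dev*" would also match
  // /myapp/dev-backup/... and /myapp/development/...
  const resource = `arn:aws:ssm:${region}:${accountId}:parameter/${app}/${env}/*`;
  return {
    Version: "2012-10-17",
    Statement: [
      { Effect: "Allow", Action: ["ssm:GetParameter", "ssm:GetParameters"],
        Resource: [resource] },
      // SecureString reads also need decrypt on the key that encrypted them.
      { Effect: "Allow", Action: ["kms:Decrypt"], Resource: [kmsKeyArn] },
    ],
  };
}

// ARN of a parameter: the name's leading "/" is not doubled after "parameter".
function parameterArn(region: string, accountId: string, name: string): string {
  const path = name.charAt(0) === "/" ? name : `/${name}`;
  return `arn:aws:ssm:${region}:${accountId}:parameter${path}`;
}

// Simplified matcher for Allow statements ("*" = any run of characters).
// It is not a full IAM evaluator: no Deny, conditions or "?" wildcard.
function globMatch(pattern: string, value: string): boolean {
  const body = pattern.split("*")
    .map(part => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&")).join(".*");
  return new RegExp(`^${body}$`).test(value);
}

function isAllowed(policy: Policy, action: string, resourceArn: string): boolean {
  return policy.Statement.some(s =>
    s.Action.some(a => globMatch(a, action)) &&
    s.Resource.some(r => globMatch(r, resourceArn)));
}

const devPolicy = buildReadPolicy("us-east-1", "123456789012", "myapp", "dev",
  "arn:aws:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID");
```

Attach a policy like devPolicy only to the role that serves the dev environment; the prod role gets its own policy built for /myapp/prod/.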
By following these steps and best practices, you can securely and effectively manage your application's configuration and secrets using AWS Systems Manager Parameter Store.