AWS Secrets Manager vs Systems Manager Parameter Store
What is AWS Secrets Manager?
✓ It is an AWS service offering for storing secrets.
✓ It supports cross-account sharing.
✓ It also has a cross-region replication feature.
✓ It supports resource-based policies, which we can use to restrict access to a secret.
✓ It supports creating or rotating passwords or keys as a built-in feature.
✓ Encryption is enabled for every secret created in Secrets Manager.
✓ It can store up to 4096 characters.
✓ Yes, using an intrinsic function we can refer to this resource from CloudFormation templates.
✓ It costs $0.40 per secret stored.
✓ Additionally, it costs $0.05 per 10,000 API calls.
Good to store: database creds, API keys, and any secret strings that must be encrypted and periodically rotated.
What is AWS Systems Manager Parameter Store?
✓ It is an AWS service offering for storing any secrets, strings, URLs, and common values.
✓ It is account-specific, with no cross-account sharing.
✓ It does not have a resource policy option, but has parameter policies such as Expiration, Expiration Notification, and No Change Notification.
✓ It does not have rotation options.
✓ It gives you the flexibility to choose encryption.
✓ It offers three types for storing values: String, StringList, and SecureString.
✓ It also has two categories for creating parameters: Standard and Advanced.
✓ Standard parameters:
~ Limit of 10,000 parameters; each can store up to 4 KB.
~ Parameter policies are not available.
~ No additional charges.
✓ Advanced parameters:
~ Can create more than 10,000 parameters; each can store up to 8 KB.
~ Parameter policies are available.
~ Charges apply.
✓ Yes, using an intrinsic function we can refer to this resource from CloudFormation templates.
Good to store: any common values, strings, secure strings, URLs, and creds as well (by enabling encryption). You get the free-of-cost benefit when using the Standard category.
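The split described in the two sections above, as an added CloudFormation example that is not part of the original post: the credential goes into Secrets Manager with a generated password and a resource-based policy for one other account, while the non-secret endpoint goes into a Standard parameter. The names `example/db/credentials`, `/example/db/endpoint`, `db.example.internal` and the two template parameters are placeholders assumed for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - one secret (Secrets Manager) and one plain value (Parameter Store)

Parameters:
  ConsumerAccountId:        # assumption: the only other account allowed to read the secret
    Type: String
    AllowedPattern: "^[0-9]{12}$"
  KmsKeyArn:                # assumption: a customer managed KMS key; cross-account readers
    Type: String            # cannot decrypt with the default aws/secretsmanager key

Resources:
  DbSecret:
    Type: AWS::SecretsManager::Secret
    Properties:
      Name: example/db/credentials
      KmsKeyId: !Ref KmsKeyArn
      GenerateSecretString:             # built-in password creation
        SecretStringTemplate: '{"username": "appuser"}'
        GenerateStringKey: password
        PasswordLength: 32
        ExcludeCharacters: '"@/\'

  DbSecretPolicy:                       # resource-based policy restricting access
    Type: AWS::SecretsManager::ResourcePolicy
    Properties:
      SecretId: !Ref DbSecret
      BlockPublicPolicy: true           # reject a policy that would grant broad access
      ResourcePolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowConsumerAccountRead
            Effect: Allow
            Principal:
              AWS: !Sub "arn:aws:iam::${ConsumerAccountId}:root"
            Action: secretsmanager:GetSecretValue
            Resource: "*"               # in a secret's own policy this means the secret itself

  DbEndpointParam:                      # non-secret value, Standard category, no charge
    Type: AWS::SSM::Parameter
    Properties:
      Name: /example/db/endpoint
      Type: String
      Tier: Standard
      Value: db.example.internal

Outputs:
  SecretArn:
    Value: !Ref DbSecret                # Ref returns the secret ARN, never the secret value
  EndpointParamName:
    Value: !Ref DbEndpointParam         # Ref returns the parameter name
```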
Stay tuned, until next time✍️
Bye :)