100 Days of AWS — Day 21- AWS System Manager — Part 2
To view the complete course, please enroll using the link below (it's free):
https://www.101daysofdevops.com/courses/100-days-of-aws/
Welcome to Day 21 of 100 Days of AWS. The topic for today is AWS Systems Manager — Part 2. For the first part, see https://www.101daysofdevops.com/courses/100-days-of-aws/lessons/day-20-aws-system-manager-part-1/
Today we are going to explore a few more features of AWS Systems Manager.
What is AWS Systems Manager State Manager
- AWS Systems Manager State Manager is a secure and scalable configuration management service that automates the process of keeping your Amazon EC2 and hybrid infrastructure in a state that you define.
- One use case I found for AWS Systems Manager State Manager is running a command on a schedule (e.g., snapshot creation).
- Go To Node Management → State Manager → Create association
- Under Provide association details, give the association a name, and under Document name search for AWS-CreateSnapshot.
- Fill in all the details, such as the instance ID, schedule, and ARN. Click on Create Association.
- But I believe there is a much better way to achieve this using Data Lifecycle Manager. Check the below blog for more info
AWS Systems Manager Parameter Store
AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as:
- passwords
- database strings
- license codes
You can then access these values programmatically via the SSM API.
Parameter Store is offered at no additional charge (unless you use the advanced option; see https://aws.amazon.com/systems-manager/pricing/ for more info).
Go to the Parameter Store https://us-west-2.console.aws.amazon.com/systems-manager/parameters → Create parameter. Give your parameter a name, select String as the Type, and then enter the value you want to store. Click on Create parameter at the bottom of the screen.
- If you want to retrieve the secret via the command line:
```
aws ssm get-parameters --names "my-test-parameter"
{
    "Parameters": [
        {
            "Name": "my-test-parameter",
            "Type": "String",
            "Value": "abc123",
            "Version": 1,
            "LastModifiedDate": "2022-04-25T15:29:52.540000-07:00",
            "ARN": "arn:aws:ssm:us-west-2:XXXXXXX:parameter/my-test-parameter",
            "DataType": "text"
        }
    ],
    "InvalidParameters": []
}
```
- To store a secret string, select SecureString under Type. Under KMS key, select either the AWS-provided key or your own key.
- To get the secret via the command line, this time you need to use the --with-decryption flag:
```
aws ssm get-parameters --names "my-secure-secret" --with-decryption
{
    "Parameters": [
        {
            "Name": "my-secure-secret",
            "Type": "SecureString",
            "Value": "abc123",
            "Version": 1,
            "LastModifiedDate": "2022-04-25T15:33:41.781000-07:00",
            "ARN": "arn:aws:ssm:us-west-2:XXXXX:parameter/my-secure-secret",
            "DataType": "text"
        }
    ],
    "InvalidParameters": []
}
```
- To create the secret via the command line:
```
aws ssm put-parameter --name "secret-password" --value 'abc123' --type SecureString --key-id arn:aws:kms:us-west-2:XXXXX:key/XXXXX
{
    "Version": 1,
    "Tier": "Standard"
}
```
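The same retrieval done programmatically through the SSM API, as an added example that is not part of the original post: it reads parameters in batches, refuses to continue when a name comes back under `InvalidParameters` (the call itself still succeeds in that case), and reports secret-looking names stored as plain `String`. The `FakeSSM` class, the `db-password` name and the name heuristic are assumptions made so the example runs offline; in real use pass `boto3.client("ssm")` instead.

```python
import re

# Name patterns that suggest a secret (heuristic chosen for this example).
SECRET_HINT = re.compile(r"secret|password|passwd|token", re.IGNORECASE)
BATCH = 10  # GetParameters accepts at most 10 names per call

class MissingParameters(KeyError):
    """Raised when SSM lists requested names under InvalidParameters."""

def load_parameters(client, names):
    """Return ({name: value}, [secret-looking names not stored as SecureString]).
    client: any object with boto3's get_parameters(Names=..., WithDecryption=...),
    e.g. boto3.client("ssm", region_name="us-west-2").
    """
    values, plaintext, invalid = {}, [], []
    for i in range(0, len(names), BATCH):
        resp = client.get_parameters(Names=names[i:i + BATCH], WithDecryption=True)
        # The call succeeds even for unknown names, so collect them explicitly.
        invalid.extend(resp.get("InvalidParameters", []))
        for p in resp.get("Parameters", []):
            values[p["Name"]] = p["Value"]
            if p["Type"] != "SecureString" and SECRET_HINT.search(p["Name"]):
                plaintext.append(p["Name"])
    if invalid:
        raise MissingParameters(sorted(invalid))
    return values, sorted(plaintext)

class FakeSSM:
    """Constructed stand-in for the SSM client so the example runs offline."""

    def __init__(self, store):
        self.store, self.calls = store, 0  # store: {name: (type, value)}

    def get_parameters(self, Names, WithDecryption=False):
        self.calls += 1
        found = [{"Name": n, "Type": self.store[n][0], "Value": self.store[n][1]}
                 for n in Names if n in self.store]
        missing = [n for n in Names if n not in self.store]
        return {"Parameters": found, "InvalidParameters": missing}

SAMPLE = {  # constructed data; "db-password" is a hypothetical misfiled secret
    "my-test-parameter": ("String", "abc123"),
    "my-secure-secret": ("SecureString", "abc123"),
    "db-password": ("String", "abc123"),
}

if __name__ == "__main__":
    print(load_parameters(FakeSSM(SAMPLE), list(SAMPLE)))
```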