Handling Secrets with AWS

Blog Post: Handling Secrets with AWS

category: AWS Serverless


Excellent look at Systems Manager Parameter Store and AWS Secrets Manager.

"[Systems Manager Parameter Store] is my go-to answer for managing secrets, specifically via its SecureString parameter type. I either teach my code to make Parameter Store calls when it needs the relevant credential, or else I render it and deliver it to the container or Lambda function at deploy time as an environment variable; both of these patterns have been “approved” by AWS in various ways. It has the added bonus of being completely free, at least until you get into whatever the hell “advanced parameters” are."

"The big and arguably only downside to Secrets Manager is significant: its cost. Secrets Manager charges a whopping 40¢ per secret per month; for context, that’s more than it costs to store 17GB of data within S3 for the same time period. Additionally it charges 5¢ per every 10,000 API calls; combined with its ability to do 5K transactions per second, the numbers rapidly become rather terrifying."


This link was created on March 10, 2022