Accessing AWS System Parameter Store using AWS SDK for Python (Boto3)

AWS system parameter store can be accessed from codes of various programming languages and platforms. (e.g., Java, Python, Ruby, .NET, iOS, Android, and others) In this blog post, we will see how AWS system parameter store can be accessed using AWS SDK for python (Boto3).

There is no way to hide or prevent people from seeing the code, but making it obfuscate would be hard to reuse it again. It is also difficult to follow the obfuscation and maintain the code in the long run.

To make it simple and secure, the AWS system parameter store helps store values, secure information such as passwords, database strings, Amazon Machine Image (AMI) code IDs while running.

It is a serverless, scalable, easy to manage hosted secrets management service that separates sensitive data from codes such as plain text or encrypted data.

Creating a parameter in AWS system parameter

The parameter can be created in two different ways, one of which is in the management console and the other is to create using AWS CLI.

 

  • Parameter creation using the management console in AWS:
  • Parameter creation using AWS CLI:

In the example above, the parameter was created with the name – “Account-password” and the value – “12345678.” Once the parameters are stored in the Parameter store, the AWS Python SDK can be accessed to the query.

Accessing the parameter in AWS SDK for python (Boto3)

Using a simple function, the parameter can be accessed from the parameter store.

Demonstrating the function to get the parameter value.

If permissions to access SSM via IAM are granted to the user in the account, then AWS Access Key ID and Secret Key are not required while using other AWS services such as glue, lambda, etc.

Outcome:

By using the AWS Systems Manager Parameter Store, the use of passwords or credentials to secure data during execution can be avoided, and this helps any customer to have a unified way to manage data.

Users can be notified if an attempt is made to change the data or passwords using trigger actions based on the store event parameter.

This should be the easiest way to integrate the python AWS SDK with the SSM parameter store.

Written by ;

Sowmya S

and

Umashankar N

In Blog
Subscribe to our Newsletter1CloudHub