AWS Systems Manager Parameter Store provides secure storage for secrets management. You can store data such as passwords and database strings as parameter values, either as plain text or as encrypted data. You can then reference a value by the unique name that you specified when you created the parameter.

In this lab we will demo how to store and retrieve SSM parameters.

 

Step 1: First of all, install the AWS CLI on your EC2 instance if you don’t have it:

Then type aws configure and press Enter for the first two fields and the last field. For the third field, the region, enter us-east-1 (or the region of your choice).

Step 2: Create a role with full SSM access.

Step 3: Attach the role to the EC2 instance.

Step 4: Run the command to store an SSM parameter from the EC2 instance

Step 5: The parameter you just stored is not secure. Now retrieve it with this command. The output returns the value for the key (name) you specified.

Step 6: Now let’s try to store a secure string in SSM

Step 7: Retrieve the SecureString with this command

Step 8: You see that you’re given an encrypted value.

Step 9: Describe the parameter with this command

Step 10: You can see that the parameter is encrypted with the KeyId of “alias/aws/ssm”

Step 11: Try to get the decrypted value with this command:

Step 12: From a privileged session (a user that has access to a user-managed KMS key, in this case a key with the alias mykey), add a new parameter to the SSM Parameter Store

Step 13: From your EC2 instance with the ssm-full-access-role attached, enter this command

** You’re not able to decrypt because the role doesn’t have access to that KMS key

 

Step 14: Add the ssm-full-access-role to the key users in the KMS service (found under IAM). I chose to do this with an inline policy.

Step 15: Enter the command from step 13 again

Congratulations! You’re able to decrypt and access the secure SSM parameter now.
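The steps above as AWS CLI calls, added here as an example; these are not the lab's original commands. The parameter names and values, the policy name lab-kms-decrypt and the KEY_ARN placeholder are assumptions, while alias/mykey, ssm-full-access-role and us-east-1 come from the lab.

```bash
# Added example, not the lab's original commands. Parameter names, values, the
# policy name and KEY_ARN are constructed placeholders; alias/mykey and
# ssm-full-access-role are the names the lab uses.
PLAIN=/lab/plain; SECURE=/lab/secure-default; CMK=/lab/secure-cmk
KEY_ARN="arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder

# Steps 4, 6, 12: $1=name $2=value $3=type, optional $4=KMS key id or alias
put_param() {
  if [ -n "${4:-}" ]; then
    aws ssm put-parameter --name "$1" --value "$2" --type "$3" --key-id "$4"
  else
    aws ssm put-parameter --name "$1" --value "$2" --type "$3"
  fi
}
# Steps 5, 7: no decryption requested, so a SecureString comes back as ciphertext
get_raw() { aws ssm get-parameter --name "$1" --query Parameter.Value --output text; }
# Steps 11, 13, 15: fails with AccessDenied if the caller cannot use the
# KMS key the parameter is encrypted under
get_plain() {
  aws ssm get-parameter --name "$1" --with-decryption \
    --query Parameter.Value --output text
}
# Step 9: print the parameter's Type and the KeyId it is encrypted under
describe_param() {
  aws ssm describe-parameters --parameter-filters "Key=Name,Values=$1" \
    --query 'Parameters[0].[Type,KeyId]' --output text
}
# Step 14: inline policy document allowing decrypt with one key only. $1=key ARN
kms_decrypt_policy() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
  printf '"Action":"kms:Decrypt","Resource":"%s"}]}' "$1"
}
grant_decrypt() {  # $1=role name $2=key ARN; assumes the key policy defers to IAM
  aws iam put-role-policy --role-name "$1" --policy-name lab-kms-decrypt \
    --policy-document "$(kms_decrypt_policy "$2")"
}

# Pick the part to run with LAB_STEP, since the steps use two different sessions.
case "${LAB_STEP:-}" in
  ec2-store)  # on the EC2 instance: steps 4 to 11
    put_param "$PLAIN" "hello" String && get_raw "$PLAIN"
    put_param "$SECURE" "s3cret" SecureString && get_raw "$SECURE"
    describe_param "$SECURE" && get_plain "$SECURE" ;;
  admin-put)   put_param "$CMK" "s3cret-2" SecureString alias/mykey ;;  # step 12
  ec2-read)    get_plain "$CMK" ;;                                      # steps 13, 15
  admin-grant) grant_decrypt ssm-full-access-role "$KEY_ARN" ;;         # step 14
esac
```

Scoping the inline policy to kms:Decrypt on a single key ARN gives the instance role read access to the secret without letting it encrypt with, or manage, the key.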

Hello There. I discovered your blog the usage of msn. That is a very smartly written article. I will make sure to bookmark it and return to read more of your useful info. Thanks for the post. I will certainly return.

Some truly wonderful work on behalf of the owner of this internet site, perfectly outstanding subject material.

I like what you guys are up to. Such smart work and reporting! Keep up the excellent work, guys. I have incorporated you guys into my blogroll. I think it will improve the value of my website 🙂