AWS Parameter Store: is it free for any user and application?

0

I use AWS PS in my Lambda .NET 6 app and added the RDS connection string, Cognito URL, etc.

Is my AWS PS parameter set open to any user's applications, and are all parameters accessible? If yes, how do I avoid it?

Oleg
asked 9 months ago
245 views
2 Answers
1

Hello!

Before setting up parameters in Parameter Store, you must first configure AWS Identity and Access Management (IAM) policies that provide users in your account with permission to perform the actions you specify. You can also create and assign policies to control which parameter actions can be run on a managed node. The AWS Systems Manager Parameter Store documentation has great information for Restricting access to Systems Manager parameters using IAM policies.

AWS CloudTrail captures API calls made in the AWS Systems Manager console, the AWS Command Line Interface (AWS CLI), and the Systems Manager SDK. You can view the information in the CloudTrail console or in an Amazon Simple Storage Service (Amazon S3) bucket. This allows you to be able to see any interactions with your parameters.

Hope this helps!

AWS
answered 9 months ago
EXPERT
reviewed 9 months ago
0

Hi, System Parameters are protected by various kinds of authorizations. Source: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html

DeleteParameter

DeleteParameters

DescribeParameters

GetParameter

GetParameters

GetParameterHistory

GetParametersByPath

PutParameter

For example,

When using IAM policies to restrict access to Systems Manager parameters, we
recommend that you create and use restrictive IAM policies. The following
policy allows a user to call the DescribeParameters and GetParameters API
operations for a limited set of resources. This means that the user can get information
about and use all parameters that begin with prod-*.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeParameters"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:GetParameters"
            ],
            "Resource": "arn:aws:ssm:us-east-2:123456789012:parameter/prod-*"
        }
    ]
}

Read the full page linked above to get all details on how to achieve it.

Best,

Didier

AWS
EXPERT
answered 9 months ago
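
Added example, not part of either answer or of the AWS documentation: a simplified offline evaluator that checks which parameter-reading actions a policy allows on a parameter outside its intended prefix, run against the policy quoted in the answer above. The `prod-db-conn` and `dev-db-conn` parameter names and `BROAD_POLICY` are constructed for illustration; Condition, NotAction, NotResource, permission boundaries and SCPs are not modelled.

```python
import re

# Actions from the list in the answer above that return parameter values.
READ_ACTIONS = ["ssm:GetParameter", "ssm:GetParameters",
                "ssm:GetParameterHistory", "ssm:GetParametersByPath"]
ARN = "arn:aws:ssm:us-east-2:123456789012:parameter/"  # prefix from the quoted policy

# The policy quoted in the answer above.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ssm:DescribeParameters"], "Resource": "*"},
    {"Effect": "Allow", "Action": ["ssm:GetParameters"], "Resource": ARN + "prod-*"}]}

# Constructed counter-example: the kind of wildcard grant to look for.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:Get*", "Resource": "*"}]}

def _match(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def is_allowed(policy, action, resource):
    """Simplified evaluation: an explicit Deny wins, otherwise an Allow is needed."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        # Action names are case-insensitive; resource ARNs are matched as written.
        hit = (any(_match(a, action, True) for a in _as_list(st["Action"])) and
               any(_match(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def broad_read_grants(policy, probe):
    """Read actions the policy allows on `probe`, a parameter ARN that should be out of reach."""
    return [a for a in READ_ACTIONS if is_allowed(policy, a, probe)]

if __name__ == "__main__":
    probe = ARN + "dev-db-conn"  # constructed parameter name outside prod-*
    for name, pol in (("page policy", PAGE_POLICY), ("broad policy", BROAD_POLICY)):
        print(name, "->", broad_read_grants(pol, probe))
```

The quoted policy grants `ssm:GetParameters` only, so a caller using `GetParameter` (singular) on a `prod-*` parameter is not covered by it.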
