Last updated on March 27, 2023
In today’s world, serverless computing is gaining popularity as it offers technologies for running code, managing data, and integrating applications, all without managing servers. It eliminates the infrastructure management tasks so developers can focus on application development.
One of the requirements of serverless development is storage for configuration data management and secrets management. Developers need to store data such as passwords, database strings, etc., at some point.
Luckily, Parameter Store, a capability of AWS Systems Manager, provides secure, hierarchical storage for configuration data management and secrets management that works well in serverless development. Developers can store values as plain text or encrypted data and can store different logins and reference streams.
For this article, we will demonstrate how Parameter Store can be used for serverless development as it integrates well with Lambda functions.
We will create a simple Lambda function that retrieves values from Parameter Store.
Let’s start.
Step 1. Creating the IAM Role for the Lambda function
- In the AWS Management Console, go to IAM > Roles > Create role
  Under the Trusted entity type, choose AWS service
  Use case > Lambda
  Click Next
- On the next page, search for AmazonSSMReadOnlyAccess managed policy
  Click the checkbox next to it
  Choose Next
- Enter a Role name
  For this example, let’s name it lambda-ssm-read-only
  Scroll down and click Create role
- This will create the IAM Role that the Lambda function will use
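AmazonSSMReadOnlyAccess allows ssm:Describe*, ssm:Get* and ssm:List* on every resource, so a function with this role can read every parameter in the account. As an added example (not part of the original walkthrough), the following builds a least-privilege policy covering only the parameters the function needs; the function names, the region and the account ID 111122223333 are placeholders.

```python
import json


def parameter_arn(name, region, account_id):
    """Build the ARN for a parameter name.

    Hierarchical names already start with "/", so the ARN reads
    ...:parameter/tutorials-dojo/... and never ...:parameter//tutorials-dojo/...
    Flat names (no leading slash) need the separator added.
    """
    suffix = name if name.startswith("/") else "/" + name
    return f"arn:aws:ssm:{region}:{account_id}:parameter{suffix}"


def scoped_read_policy(names, region, account_id, kms_key_arn=None):
    """Return an IAM policy document that can read only the named parameters."""
    statements = [{
        "Sid": "ReadOnlyTheseParameters",
        "Effect": "Allow",
        "Action": ["ssm:GetParameter"],
        "Resource": [parameter_arn(n, region, account_id) for n in names],
    }]
    if kms_key_arn:
        # A SecureString encrypted with a customer managed KMS key also
        # requires kms:Decrypt on that key.
        statements.append({
            "Sid": "DecryptSecureString",
            "Effect": "Allow",
            "Action": ["kms:Decrypt"],
            "Resource": [kms_key_arn],
        })
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Placeholder region and account ID; parameter names are the tutorial's.
    policy = scoped_read_policy(
        ["/tutorials-dojo/string/parameter",
         "/tutorials-dojo/secure-string/parameter"],
        region="us-east-1",
        account_id="111122223333",
    )
    print(json.dumps(policy, indent=2))
```

The printed JSON can be attached to the role as an inline policy in place of the managed policy.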
Step 2. Creating Parameters in the Parameter Store to be read by the Lambda function
- Go to the AWS Systems Manager > Parameter Store
  Click Create parameter
- Let’s first create a plain text parameter
  Enter Name, for this example /tutorials-dojo/string/parameter
  Under Type, choose String
  Data type > text
  Enter a Value that you want to be retrieved by the Lambda function
  When done, click Create parameter
- This will create the parameter.
  Let’s make another one
  This time let’s do a parameter with an encrypted value
  Click Create parameter
- Enter Name
  For this example, /tutorials-dojo/secure-string/parameter
  In Type, choose SecureString
  Enter a Value
  When complete, click Create parameter
- The two types of parameters are ready to be retrieved by the Lambda function
Step 3. Creating the Lambda function
- Go to the Lambda dashboard
  Click Create a function
- Choose Author from scratch
  Under Basic information, enter a Function name
  For this example getValuesFromSSM
  In the Runtime, choose Python 3.9
- Expand the Change default execution role
  Choose Existing role
  In the drop-down list, choose the IAM Role we created in Step 1
  For this example lambda-ssm-read-only
  Click Create function
- This will create the Lambda function
- Scroll down, then click the Configuration tab
  Choose Environment variables
  Let’s create two that will serve as the placeholder for the Parameters in Parameter Store
  Click Edit
- Click Add environment variable
  In the Key, enter a value
  For this example, PLAIN_TEXT and ENCRYPTED
  Under PLAIN_TEXT, enter the name of the SSM parameter that has a String type
  (for this example: /tutorials-dojo/string/parameter)
  In ENCRYPTED, enter the name of the SSM parameter that has a SecureString type
  (for this example: /tutorials-dojo/secure-string/parameter)
  Click Save when done
- In the Code tab, paste the script that will allow the Lambda function to retrieve the SSM Parameter values and print them
- Now let’s create a test event for the function
  Click Test > Configure test event
- Enter an Event name
  For this example TestEvent
  Leave defaults
  Scroll down and click Save
- Now click Deploy to save the code changes
- Click Test to see if the Lambda function retrieves the SSM parameter values
- This will run the function, and a new tab will pop up
  Check the Execution result
  Under the Function Logs, we can see the values of the SSM Parameters are both printed successfully
- Now let’s try to change the value of one SSM parameter
  Go to the AWS Systems Manager > Parameter Store
  For this example, let’s edit the value of /tutorials-dojo/string/parameter
  Modify the value and click Save changes when done
- Now let’s try to run the Lambda function again
  As you can see, the new value of the String type parameter is reflected in the Lambda function
  This proves that the Lambda function is working and is retrieving the SSM parameter values successfully
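The script pasted into the Code tab in Step 3 is not shown in this text. The following is an added example of such a handler, not the original script: it reads the parameter names from the PLAIN_TEXT and ENCRYPTED environment variables, and unlike the walkthrough it logs the SecureString redacted rather than in clear text. StubSSM, fetch_parameters and redact are illustrative names, and the sample values are constructed.

```python
import os


class StubSSM:
    """Constructed stand-in for the boto3 SSM client so the module runs offline."""

    def __init__(self, store):
        self.store = store  # parameter name -> (type, value)

    def get_parameter(self, Name, WithDecryption=False):
        kind, value = self.store[Name]
        if kind == "SecureString" and not WithDecryption:
            value = "<ciphertext>"  # the real API returns the encrypted value here
        return {"Parameter": {"Name": Name, "Type": kind, "Value": value}}


def fetch_parameters(ssm, env):
    """Read the two parameters whose names are held in PLAIN_TEXT and ENCRYPTED."""
    plain = ssm.get_parameter(Name=env["PLAIN_TEXT"])
    # WithDecryption=True is required to get a SecureString back in clear text.
    secure = ssm.get_parameter(Name=env["ENCRYPTED"], WithDecryption=True)
    return {"plain": plain["Parameter"]["Value"],
            "secure": secure["Parameter"]["Value"]}


def redact(value):
    """Mask a secret for logging; function logs are readable by anyone with log access."""
    return f"[redacted, {len(value)} chars]"


def lambda_handler(event, context, ssm=None):
    if ssm is None:
        import boto3  # bundled with the Lambda Python runtime
        ssm = boto3.client("ssm")
    values = fetch_parameters(ssm, os.environ)
    print("PLAIN_TEXT value:", values["plain"])
    print("ENCRYPTED value:", redact(values["secure"]))
    # Do not return the decrypted secret to the caller either.
    return {"plain": values["plain"], "secure_chars": len(values["secure"])}


if __name__ == "__main__":
    os.environ["PLAIN_TEXT"] = "/tutorials-dojo/string/parameter"
    os.environ["ENCRYPTED"] = "/tutorials-dojo/secure-string/parameter"
    stub = StubSSM({
        "/tutorials-dojo/string/parameter": ("String", "hello"),
        "/tutorials-dojo/secure-string/parameter": ("SecureString", "s3cr3t"),
    })
    print(lambda_handler({}, None, ssm=stub))
```

In Lambda the runtime calls lambda_handler(event, context), so the boto3 client is created; the ssm argument exists only so the handler can be exercised locally with the stub.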
Storing values in AWS Systems Manager Parameter Store is a popular choice when you want a dynamic way to store values based on the environment and a centralized way to manage configuration data. It offers the following benefits:
- Use a secure, scalable, hosted secrets management service with no servers to manage.
- Improve your security posture by separating your data from your code.
- Store configuration data and encrypted strings in hierarchies and track versions.
- Control and audit access at granular levels.
- Store parameters reliably because Parameter Store is hosted in multiple Availability Zones in an AWS Region.