Create a Systems Manager parameter (console) - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create a Systems Manager parameter (console)

You can use the Amazon Systems Manager console to create and run String, StringList, and SecureString parameter types. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.


Parameters are only available in the Amazon Web Services Region where they were created.

The following procedure walks you through the process of creating a parameter in the Parameter Store console. You can create String, StringList, and SecureString parameter types from the console.

To create a parameter
  1. Open the Amazon Systems Manager console at

  2. In the navigation pane, choose Parameter Store.


    If the Amazon Systems Manager home page opens first, choose the menu icon ( 
    The menu icon
  ) to open the navigation pane, and then choose Parameter Store.

  3. Choose Create parameter.

  4. In the Name box, enter a hierarchy and a name. For example, enter /Test/helloWorld.

    For more information about parameter hierarchies, see Working with parameter hierarchies.

  5. In the Description box, type a description that identifies this parameter as a test parameter.

  6. For Parameter tier choose either Standard or Advanced. For more information about advanced parameters, see Managing parameter tiers.

  7. For Type, choose String, StringList, or SecureString.

    • If you choose String, the Data type field is displayed. If you're creating a parameter to hold the resource ID for an Amazon Machine Image (AMI), select aws:ec2:image. Otherwise, keep the default text selected.

    • If you choose SecureString, the KMS Key ID field is displayed. If you don't provide an Amazon Key Management Service Amazon KMS key ID, an Amazon KMS key Amazon Resource Name (ARN), an alias name, or an alias ARN, then the system uses alias/aws/ssm, which is the Amazon managed key for Systems Manager. If you don't want to use this key, then you can use a customer managed key. For more information about Amazon managed keys and customer managed keys, see Amazon Key Management Service Concepts in the Amazon Key Management Service Developer Guide. For more information about Parameter Store and Amazon KMS encryption, see How Amazon Systems ManagerParameter Store Uses Amazon KMS.


      Parameter Store only supports symmetric encryption KMS keys. You can't use an asymmetric encryption KMS key to encrypt your parameters. For help determining whether a KMS key is symmetric or asymmetric, see Identifying symmetric and asymmetric KMS keys in the Amazon Key Management Service Developer Guide

    • When creating a SecureString parameter in the console by using the key-id parameter with either a customer managed key alias name or an alias ARN, specify the prefix alias/ before the alias. Following is an ARN example.


      Following is an alias name example.

  8. In the Value box, type a value. For example, type This is my first parameter or ami-0dbf5ea29aEXAMPLE.


    Parameters can't be referenced or nested in the values of other parameters. You can't include {{}} or {{ssm:parameter-name}} in a parameter value.

    If you chose SecureString, the value of the parameter is masked by default ("******") when you view it later on the parameter Overview tab. Choose Show to display the parameter value.

                                    A SecureString parameter's value is masked on the
                                        Overview tab
  9. (Optional) In the Tags area, apply one or more tag key-value pairs to the parameter.

    Tags are optional metadata that you assign to a resource. Tags allow you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key-value pairs:

    • Key=Resource,Value=S3bucket

    • Key=OS,Value=Windows

    • Key=ParameterType,Value=LicenseKey

  10. Choose Create parameter.

  11. In the parameters list, choose the name of the parameter you just created. Verify the details on the Overview tab. If you created a SecureString parameter, choose Show to view the unencrypted value.


You can’t change an advanced parameter to a standard parameter. If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, delete it and recreate it as a new standard parameter.