Amazon Systems Manager Parameter Store
Parameter Store enables you to securely store, organize, and retrieve simple configuration data at scale. It is designed to simplify configuration management across environments, allowing teams to standardize how applications access critical data without hardcoding values or relying on fragmented storage solutions.
Beyond simple storage, Parameter Store provides versioning, access control through Amazon Identity and Access Management (IAM), and seamless integration with other Amazon services such as Amazon EC2, Lambda, and Amazon CloudFormation. This enables dynamic configuration updates without requiring code changes or redeployments, improving operational agility and reducing risk. With features like hierarchical naming, parameter policies, and change tracking, Parameter Store helps teams maintain consistency, enforce governance, and build more secure and maintainable systems.
Parameter Store supports String,
StringList, and SecureString parameter types. String and StringList parameter values are stored as plain text. SecureString parameters encrypt values using Amazon Key Management Service, making them a practical choice for lightweight encrypted configuration values that don't require rotation or other advanced secret lifecycle capabilities. For more information about parameter types, see Understanding parameter types
Note
If you manage credentials that require automatic rotation, cross-account access, or fine-grained audit logging, we recommend using Amazon Secrets Manager. Secrets Manager is purpose-built for managing secrets such as database credentials, API keys, and supported third-party software-vended secrets. For more information, see What is Amazon Secrets Manager? in the Amazon Secrets Manager User Guide.
Here are some examples of the types of configuration data you can store and manage in Parameter Store:
Database connection strings (non-rotating) – jdbc:mysql://host:3306/appdb
Application environment variables – ENV=production, LOG_LEVEL=debug
Service endpoint URLs – internal microservice endpoints or third-party base URLs
Resource identifiers – S3 bucket names, DynamoDB table names, ARNs
Application tuning parameters – cache TTLs, batch sizes, polling intervals
Note
We don't recommend using Parameter Store for the following types of configuration data:
Feature flags
Operational levers like timeouts
Allow lists and block lists
Circuit breakers
Dynamic configurations
For these types of configuration data, use Amazon AppConfig. For more information, see What is Amazon AppConfig?.
Parameter Store features
Parameter Store includes the following features for managing parameters:
-
Share parameters with other accounts
Centralize configuration data in a single Amazon Web Services account and share parameters with other accounts that need access. For more information, see Working with shared parameters in Parameter Store.
-
OS Patching
Amazon EC2 lets you specify the operating system for new instances by referencing a parameter instead of hardcoding an AMI (AMI) ID. This approach ensures your instances automatically use the latest patched and updated images. Amazon and operating system vendors provide public parameters that track current AMI versions, so you don't have to manage updates manually. You can also define your own parameters to reference a centrally managed golden AMI, making it easier to enforce consistent, approved configurations across your organization.
-
Accessible from other Amazon Web Services services
Other Amazon services allow you to easily reference parameter values. Here are some examples:
-
Lambda functions can retrieve parameters and secrets using the Parameters and Secrets Lambda Extension.
-
Amazon Elastic Container Service and Amazon Fargate allow you to inject environmental variables whose values are managed centrally in parameter store.
-
Amazon CloudFormation templates can reference parameter values.
-
Amazon AppConfig enables you to create configuration profiles that reference parameters, allowing you to safely deploy configuration changes using features such as gradual rollouts, alarm-based rollbacks, and built-in data validation.
-
Amazon CodeBuild allows you to define environmental variables whose values are dynamically retrieved from Parameter Store at build time.
-
-
Parameter History
Parameter Store retains the 100 most recent versions of each parameter, so you can quickly review and reconstruct previous values when investigating operational issues.
-
Events and notifications
Automate workflows in Parameter Store by subscribing to parameter change events. You can also use change events to enforce expiration and receive notifications when a parameter hasn’t been rotated within a specified timeframe.
-
Organize parameters hierarchically
Use parameter hierarchies to group related parameters, making it easier to discover, manage, and filter them across environments and applications.
Parameter tiers
Parameter Store offers multiple parameter tiers that affect cost, scale, and performance. You individually configure parameters to use either the standard-parameter tier (the default tier) or the advanced-parameter tier.
Use:
Standard parameters for most configuration data and low-scale workloads
Advanced parameters when you need higher limits, larger values, or parameter policies
Important
You can upgrade a parameter from standard to advanced, but you cannot downgrade it.
The following table describes the differences between parameter tiers.
| Feature | Standard | Advanced |
|---|---|---|
|
Maximum parameters (per Amazon Web Services account and Amazon Web Services Region) |
10,000 |
100,000 |
|
Maximum value size |
4 KB |
8 KB |
|
Parameter policies |
Not supported |
Supported For more information, see Assigning parameter policies in Parameter Store. |
|
Share parameters across Amazon Web Services accounts |
Not supported |
Supported For more information, see Working with shared parameters in Parameter Store. |
|
Cost |
No additional charge |
Charges apply For more information, see Amazon Systems Manager
Pricing for Parameter Store |
For more information about parameter tiers and their features, see Managing tiers.
For a complete list of Parameter Store quotas and limits, see Amazon Systems Manager endpoints and quotas in the Amazon General Reference.
Performance and throughput
Parameter Store provides a default throughput suitable for lower scale workloads. For applications that require higher request rates, you can enable higher throughput.
Default throughput is sufficient for typical configuration retrieval patterns.
High-throughput mode supports significantly higher request rates for large-scale or latency-sensitive applications.
Additional charges apply when higher throughput is enabled.
If your application retrieves parameters frequently or at scale, evaluate throughput settings early to avoid throttling. For information about enabling high-throughput, see Changing Parameter Store throughput.
How to retrieve parameters
You can retrieve parameters from Parameter Store using the Amazon Web Services Management Console, Amazon CLI, or Amazon SDKs to call the following API actions:
Amazon CLI: The following table includes sample Amazon CLI commands for Parameter Store.
| Command | Usage | Best For |
|---|---|---|
|
get-parameter |
aws ssm get-parameter --name " |
Fetching one specific parameter value. |
|
get-parameter |
aws ssm get-parameter --name " |
Fetching |
|
get-parameters |
aws ssm get-parameters --names " |
Fetching up to 10 specific, unrelated parameters at once. |
|
get-parameters-by-path |
aws ssm get-parameters-by-path --path " |
Bulk retrieval of an entire environment's configuration. |
|
get-parameter-history |
aws ssm get-parameter-history --name " |
Checking how a value has changed over time. |
SDKs (e.g., Boto3 for Python): Use methods like get_parameter() or get_parameters_by_path() within your application code to fetch values at runtime.
CDK and Amazon CloudFormation:
Amazon CDK: Use
valueForStringParameterorvalueFromLookupto read values during synthesis or deployment.Amazon CloudFormation: Use dynamic references like
{{resolve:ssm:parameter-name:version}}to inject values directly into templates.
Note
For most dynamic parameter references, you specify the parameter name by using the following convention:
{{ssm:}}parameter-name
To get started with Parameter Store, see Setting up Parameter Store.