2

Let's say I have my keys and values (as secured strings) in AWS Systems Manager Parameter Store in region-1. I want to keep a backup of my keys and values so that if tomorrow I need to have the same values in region-2, I can pull the data using some script and then put it in the Parameter Store of region-2.

I am planning to dump the data in S3 in an encrypted way using some script, and then another script would pull it from S3 and push it to Parameter Store.

Is this the correct approach, or is there a better way of doing it?

Any suggestion would be appreciated!

2 Answers

0

The solution you've outlined should work. You can reduce the risk of having to use backups by:

a) Using versions; however, even that doesn't protect you completely in the event someone deletes the whole param store.

b) Tightening up your IAM permissions on who can do what with the param store.

What you've outlined about decrypting the keys then storing them encrypted in S3 will work fine.

Moe
0

I know it is quite late, but I am answering this for people in the future.

So, as per my understanding, you want to fetch all the parameters, save them into a file (let's say a JSON file), and put it on S3 for later use or to export it into another region. That is actually quite a simple solution and it works. I recently faced this problem and wrote a script and mentioned in my reply here.

I also have written a short script that will work with lambda functions. The code is here

Thank you.
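A sketch of the backup-and-restore flow discussed in this thread, added here as an example; it is not the script either answer refers to. It uses boto3, and the regions, bucket name, object key, parameter path and KMS aliases in the `__main__` section are placeholders chosen for illustration.

```python
import json

def export_parameters(ssm, path):
    """Read every parameter under `path`, decrypting SecureString values."""
    pages = ssm.get_paginator("get_parameters_by_path").paginate(
        Path=path, Recursive=True, WithDecryption=True)
    return [{"Name": p["Name"], "Type": p["Type"], "Value": p["Value"]}
            for page in pages for p in page["Parameters"]]

def backup_to_s3(ssm, s3, bucket, key, kms_key_id, path):
    """Write the export as one JSON object, encrypted at rest with SSE-KMS."""
    params = export_parameters(ssm, path)
    # Values are plaintext inside this JSON: once they leave Parameter Store,
    # the KMS key policy and the bucket policy are what protect them.
    s3.put_object(Bucket=bucket, Key=key,
                  Body=json.dumps(params).encode("utf-8"),
                  ServerSideEncryption="aws:kms", SSEKMSKeyId=kms_key_id)
    return len(params)

def restore_from_s3(s3, ssm_dest, bucket, key, dest_kms_key_id=None):
    """Recreate the parameters in the destination region, keeping their types."""
    body = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
    restored = []
    for p in json.loads(body):
        args = {"Name": p["Name"], "Value": p["Value"], "Type": p["Type"],
                "Overwrite": True}
        # KMS keys are regional: a SecureString is re-encrypted under a key in
        # the destination region (the default aws/ssm key is used if omitted).
        if p["Type"] == "SecureString" and dest_kms_key_id:
            args["KeyId"] = dest_kms_key_id
        ssm_dest.put_parameter(**args)
        restored.append(p["Name"])
    return restored

if __name__ == "__main__":
    import boto3  # imported here so the functions above can be run with stubs
    # Placeholder regions, bucket, path and key aliases: replace with your own.
    src = boto3.client("ssm", region_name="us-east-1")
    dst = boto3.client("ssm", region_name="us-west-2")
    s3 = boto3.client("s3")
    backup_to_s3(src, s3, "example-ssm-backup", "ssm/backup.json",
                 "alias/example-backup-key", path="/myapp/")
    restore_from_s3(s3, dst, "example-ssm-backup", "ssm/backup.json",
                    "alias/example-dest-key")
```

The role that runs the backup needs `ssm:GetParametersByPath` plus `kms:Decrypt` on the source key, so it can read every secret under the path; scope it to that path and keep read access to the backup object limited to the restore role.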