Presentation is loading. Please wait.

Presentation is loading. Please wait.

Application Settings Management – SSM Parameter Store

Published byたつや おおばま Modified over 5 years ago

Similar presentations

Presentation on theme: "Application Settings Management – SSM Parameter Store"— Presentation transcript:

1 Application Settings Management – SSM Parameter Store
April 2018

2 What is the problem we are trying to solve?
Configuration settings stored in Octopus Deploy (web transforms) Configuration settings stored in Team City Secrets stored in Octopus Deploy (managed by infosec) Secrets stored in Team City (managed by infosec) Configuration settings stored in application source code/repositories Applications have multiple environment settings baked in Simple config changes have to go through the full life cycle – code change, check in, build, deploy everything to live.

3 What is SSM parameter store?
“AWS Systems Manager Parameter Store provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, and license codes as parameter values. You can store values as plain text or encrypted data. You can then reference values by using the unique name that you specified when you created the parameter. Highly scalable, available, and durable, Parameter Store is backed by the AWS Cloud”

4 Why we choose SSM as the solution
One place to manage all secrets (easier for infosec) One place to manage all application configuration Simple Config changes won’t need a site deployment (*work required) It’s a secure, scalable, hosted service Control and audit access at granular levels (controlled by infosec) Configure change notifications and trigger actions Parameters can be tagged and secured (or secure by path) Built into key AWS functions: EC2, ECS, Lambda, Cloudformation, CodeBuild, CodeDeploy… Can also use AWS SDK for other tools: OD, TC It’s FREE!

5 Quick demo of a working example
TeamCity Deployment OLD vs NEW Gamstop Consumer (node ecs app) App loads configuration from ssm on startup C# Test harness Application hooks in a proxy on startup

6 Real world examples of its usage and what are the benefits we get from it.
Config change (e.g couchbase bucket) – can be done without a code change and a closely planned deployment through the environments. This will make future infrastructure changes more manageable as we build more and more services that need to communicate to each other. Settings which change depending on the deployment environment can be pulled at application start-up time. This fits well with the containerisation pattern where we can bake a single deployment package which is suitable for all environments. We can state with absolute certainty what a configuration value is or was at any given time. Currently, just seeing a value in TeamCity or OD requires further analysis of the build/deploy configuration to see if the value is even used.

7 What we haven't done Built client libraries for everyone (currently node and c#) Built in secret rotations (infosec road map) Built in auto application configuration refresh (*app changes needed) Migrated all applications (will take time) Hardened the packages for DR Better UI for managing settings (console is hard work) Built Tombola procedures (clarify ownership of secrets)

8 Useful Links AWS Documentation Project Documentation Node Package
Project Documentation Node Package Node Example (Gamstop Batch Consumer) Nuget Package Nuget Example (UK Umbraco CMS)

Download ppt "Application Settings Management – SSM Parameter Store"

Similar presentations

Running Your Startup on Amazon Web Services Alex Iskold Founder/CEO AdaptiveBlue Feature Writer ReadWriteWeb.

Running Your Startup on Amazon Web Services Alex Iskold Founder/CEO AdaptiveBlue Feature Writer ReadWriteWeb.
Futures – Alpha Cloud Deployment and Application Management.

Futures – Alpha Cloud Deployment and Application Management.
Marihebert Leal. Alteryx is the fastest analytics plataform that is purpose- built to empower data analysts & their productivity. It blend complex data,

Marihebert Leal. Alteryx is the fastest analytics plataform that is purpose- built to empower data analysts & their productivity. It blend complex data,
© 2012 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public Quad APIs and SDK Preview Sachin Smotra Product Manger, Enterprise.

© 2012 Cisco and/or its affiliates. All rights reserved. Presentation_ID Cisco Public Quad APIs and SDK Preview Sachin Smotra Product Manger, Enterprise.
NuGet Sweet, but not edible Chris

NuGet Sweet, but not edible Chris
Storage Refresh Project Migration of Enterprise Leased Shares Websites Home Directory Service.

Storage Refresh Project Migration of Enterprise Leased Shares Websites Home Directory Service.
Discussion of the main data management or database building issues that may be involved in the early stages of designing a new multicentre, clinical trial.

Discussion of the main data management or database building issues that may be involved in the early stages of designing a new multicentre, clinical trial.
DEV304. What scriptcs is and why it exists How to get it Basics of how to use it Putting the pedal to the metal.

DEV304. What scriptcs is and why it exists How to get it Basics of how to use it Putting the pedal to the metal.
Back to Basics A Tour of Microsoft SharePoint. Who am I? Kenny Duenke Lead Systems Analyst RGA

Back to Basics A Tour of Microsoft SharePoint. Who am I? Kenny Duenke Lead Systems Analyst RGA
Windows Azure and iOS Chris Risner Windows Azure Technical Evangelist Microsoft

Windows Azure and iOS Chris Risner Windows Azure Technical Evangelist Microsoft
Amazon Web Services. Amazon Web Services (AWS) - robust, scalable and affordable infrastructure for cloud computing. This session is about:

Amazon Web Services. Amazon Web Services (AWS) - robust, scalable and affordable infrastructure for cloud computing. This session is about:
Deploying Docker Datacenter on AWS © 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Deploying Docker Datacenter on AWS © 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Clouding with Microsoft Azure

Clouding with Microsoft Azure
For Rapid Application Development Developed By

For Rapid Application Development Developed By
Power BI Solutions for California Colleges

Power BI Solutions for California Colleges
DevOps with ASP.NET Core and Entity Framework Core

DevOps with ASP.NET Core and Entity Framework Core
AWS Simple Icons v AWS Simple Icons: Usage Guidelines

AWS Simple Icons v AWS Simple Icons: Usage Guidelines
Stress Free Deployments with Octopus Deploy

Stress Free Deployments with Octopus Deploy
AWS Solution Architect Associate Exam https://www.dumps4download.com/aws-solution-architect- associate-dumps.html Free AWS Solution Training Exam Question.

AWS Solution Architect Associate Exam associate-dumps.html Free AWS Solution Training Exam Question.
@ Bucharest DevOps Hacker Meetup

@ Bucharest DevOps Hacker Meetup

Similar presentations

Ads by Google