AWS systems-manager documentation change
Summary
Expanded Parameter Store description and added recommendation to use Secrets Manager for credentials requiring rotation, cross-account access, or audit logging.
Security assessment
The change enhances documentation about secure secrets management by differentiating use cases between Parameter Store and Secrets Manager. It guides users toward more secure practices for sensitive credentials but doesn't address any specific vulnerability.
Diff
diff --git a/systems-manager/latest/userguide/systems-manager-tools.md b/systems-manager/latest/userguide/systems-manager-tools.md index 91b9ad52c..aa745ee81 100644 --- a//systems-manager/latest/userguide/systems-manager-tools.md +++ b//systems-manager/latest/userguide/systems-manager-tools.md @@ -119 +119,3 @@ Parameter Store -[Parameter Store](./systems-manager-parameter-store.html) provides secure, hierarchical storage for configuration data and secrets management. You can store data such as passwords, database strings, Amazon Elastic Compute Cloud (Amazon EC2) instance IDs and Amazon Machine Image (AMI) IDs, and license codes as parameter values. You can store values as plain text or encrypted data. You can then reference values by using the unique name you specified when you created the parameter. +[Parameter Store](./systems-manager-parameter-store.html) enables you to securely store, organize, and retrieve configuration data at scale. It supports a wide range of use cases, from managing plain-text configuration values – such as database connection strings and application settings – to handling sensitive data like secrets for low-risk environments. Parameter Store is designed to simplify configuration management across environments, allowing teams to standardize how applications access critical data without hardcoding values or relying on fragmented storage solutions. + +If you manage credentials that require automatic rotation, cross-account access, or fine-grained audit logging, we recommend using [AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html). Secrets Manager is purpose-built for managing secrets such as database credentials, API keys, and supported third-party software-vended secrets. For more information, see [What is AWS Secrets Manager?](https://docs.aws.amazon.com//secretsmanager/latest/userguide/intro.html) in the _AWS Secrets Manager User Guide_.