Download this presentation where we will discuss the ultimate solutions for securely storing your sensitive information! Our presentation is tailored to learn how to keep your secrets safe, encrypted, and easily accessible. It is about solutions for businesses that handle confidential information, including passwords, financial records, and personal identification numbers. During this event, we will discuss: - AWS secrets management; - SSM Parameter store; - Amazon S3 See our online event on YouTube: https://www.youtube.com/watch?v=--brMuHqZ7I&ab_channel=ZenBitTech Read more in our professional blog: https://zenbit.tech/blog/services-for-storing-secrets-on-aws/

1. Service for
Storing Secrets
Storing secrets like passwords, API keys, and database
credentials is essential for many applications, but it also comes
with significant risks.

2. Automation
AWS services offer features like automatic
secret rotation, allowing you to rotate secrets
regularly and minimize the risk of exposure.
Encryption
All three services offer encryption for secrets
at rest and in transit, helping to protect them
from unauthorized access.
Access Control
AWS services provide a range of access
control options, allowing you to control who
has access to secrets and how they can use
them.
Auditing and Monitoring
AWS services provide audit logging and
monitoring features, allowing you to track
access to secrets and detect any suspicious
activity.
Secrets Management:

3. Replicate secrets across multi regions;
The secrets manager keeps the read
replica in sync with a primary replica;
Use cases: multi-region apps, disaster
recovery strategy, multi-region DB.
02
01
Capability force of rotation for each x day;
Automate generation of secrets on rotation
(lambda should be used);
Good integration with Amazon RDS;
Can be encrypted by using the KMS service.
AWS Secrets Management

4. AWS Secrets Management

5. SSM Parameter Store
Secure store for configuration and secrets;
Optional seamless encryption by using KMS;
Serverless, scalable, durable, easy sdk;
Version tracking of configuration and secrets;
Notifications with AWS EventBridge.

6. SSM Parameter Store
AWSKMS
/my-app/
dev/
db-url
db-password
prod/
db-url
db-password
/my-other-app/
SSM parameter hierarchy

7. Parameters tears
Youcangetsecretsfromtheparameterstorebyusingreferenceslike:
/aws/reference/secretsmanager/secret_id_in_secrets_manager
Andpublicparameterswhichareissuedwithaws,ifyouwanttofindthelatestamiinspecificregion:
/aws/service/ami-amazon-linux-lates/amzn2-ami-hvm-x86_64-gp2

8. Expiration
No change Notification (EventBridge)
(for example, if you want a notification that some parameter have not changed last 20 days)
Expiration Notification (EventBridge)

9. Amazon S3
With server-side encryption: Amazon
S3 provides server-side encryption to
help protect sensitive data at rest.

10. Join our Cloud Solutions Hub LinkedIn Group!
Contact us
We will be glad to answer on any questions!
Liudmyla Dziubynska
CTO at Zenbit Tech
Scan the QR-Code to get Lyudmila's
contacts and link to our Cloud
Solutions Hub LinkedIn Group!