ConfigurationDeploymentSecurity (1/1)
What is the difference between environment variables and AWS Systems Manager (SSM) Parameter Store for Lambda configuration?
Both environment variables and the AWS Systems Manager (SSM) Parameter Store can be used to manage configuration values for Lambda functions. However, they serve different purposes and have distinct capabilities when it comes to security, scalability, and best practices.
Environment Variables
- Key-value pairs set directly in the Lambda configuration
- Available at runtime via `process.env` in Node.js or `os.environ` in Python
- Supports encryption using AWS KMS for sensitive data
- Limited to 4 KB in total size per function
- Ideal for non-sensitive, short-lived, environment-specific settings
AWS SSM Parameter Store
- Centralized service for managing configuration data and secrets
- Supports both plain-text and encrypted (SecureString) parameters
- Accessible via AWS SDK (e.g., Boto3, AWS SDK for JS)
- Allows versioning, auditing, and fine-grained access control
- Better suited for storing shared, sensitive, or dynamic values
Fetching a Secure Parameter in Python (Boto3)