Hi fip,
Thank you for raising this concern. When storing sensitive information such as IoT credentials in AWS Systems Manager Parameter Store, the correct approach is to use SecureString parameters, not plain String. A SecureString automatically encrypts the data using AWS Key Management Service (KMS) and ensures that credentials remain secure while still being fully auditable through AWS CloudTrail. The mention of “standard parameters” in the explanation refers to the free Standard tier, which supports SecureString without any extra cost. This makes it both secure and cost-effective compared to alternatives like AWS Secrets Manager, which adds more features such as rotation but at a higher cost.
In short, the credentials should be stored as SecureString standard parameters in Parameter Store. This way, the organization meets both the security requirement (encrypted and protected) and the audit requirement (independent tracking of access), while keeping costs minimal.
If you have further questions or need additional clarification, please don’t hesitate to contact us.
Best,
Irene @ Tutorials Dojo
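
An added example, not part of the original reply or of Tutorials Dojo's material: a Python check that flags credential parameters not stored as SecureString on the Standard tier, and lists which principals requested a decrypted value. The input is constructed sample data shaped like `aws ssm describe-parameters` output and CloudTrail records for Parameter Store reads; the parameter names, account ID, principals and the `/credentials` naming convention are assumptions.

```python
import json

# Constructed sample data (not from the original post), shaped like
# `aws ssm describe-parameters` output and CloudTrail records for SSM reads.
PARAMETERS = [
    {"Name": "/iot/device-01/credentials", "Type": "String", "Tier": "Standard"},
    {"Name": "/iot/device-02/credentials", "Type": "SecureString", "Tier": "Standard", "KeyId": "alias/aws/ssm"},
    {"Name": "/iot/device-03/credentials", "Type": "SecureString", "Tier": "Advanced", "KeyId": "alias/aws/ssm"},
    {"Name": "/iot/fleet/region", "Type": "String", "Tier": "Standard"},
]
EVENTS = [
    {"eventSource": "ssm.amazonaws.com", "eventName": "GetParameter",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/iot-provisioner"},
     "requestParameters": {"name": "/iot/device-02/credentials", "withDecryption": True}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "GetParameter",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"},
     "requestParameters": {"name": "/iot/fleet/region", "withDecryption": False}},
    {"eventSource": "ssm.amazonaws.com", "eventName": "GetParameters",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/analyst"},
     "requestParameters": {"names": ["/iot/device-02/credentials"], "withDecryption": True}},
]

def audit_parameters(params, sensitive_suffix="/credentials"):
    """Flag credential parameters that are not SecureString on the Standard tier."""
    findings = {}
    for p in params:
        if not p["Name"].endswith(sensitive_suffix):
            continue  # assumed naming convention marks which parameters hold credentials
        if p["Type"] != "SecureString":
            findings[p["Name"]] = "stored as %s, not SecureString" % p["Type"]
        elif p.get("Tier", "Standard") != "Standard":
            findings[p["Name"]] = "SecureString, but on the %s tier" % p["Tier"]
    return findings

def decrypting_readers(events, name):
    """Return the principals that requested the decrypted value of `name`."""
    readers = []
    for e in events:
        if e.get("eventSource") != "ssm.amazonaws.com":
            continue
        if e.get("eventName") not in ("GetParameter", "GetParameters"):
            continue
        req = e.get("requestParameters") or {}
        names = req.get("names") or [req.get("name")]
        if name in names and req.get("withDecryption") is True:
            readers.append(e["userIdentity"]["arn"])
    return readers

if __name__ == "__main__":
    print(json.dumps(audit_parameters(PARAMETERS), indent=2))
    print(decrypting_readers(EVENTS, "/iot/device-02/credentials"))
```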