5Ara
Using AWS System Manager Parameter Store SecureString in config file in ec2
On an ec2 box I am running a service that reads vars from a config file. One var's value is stored in AWS System Manager as a SecureString. I want to use that value in the text file securely.
I can export the value via the cli with aws ssm get parameter --decryption and use that plain text value in a placeholder var called PASS and use that as the value in the config file. But then anyone with access to the box can call the same cli command and see the value.
The ec2 box has one user with an IAM instance profile letting them access the System Manager service.
What is the secure way to do use a SecureString value in a text file?
