Dynamic references with Parameter Store and Secrets Manager
At the beginning of this chapter, we looked at passing parameters either in a JSON file or as a command-line argument.
Although it is a known practice in infrastructure-as-code to keep parameters in a version control system (VCS), it introduces additional complexity.
If we store parameters in a VCS, we need to take care of encrypting sensitive data, such as passwords or other credentials. If we pass them via command-line arguments, we have to make sure we don't make a mistake or a typo (which is a common occurrence in the life of IT engineers).
To solve these issues, we can store template parameters in the SSM Parameter Store or Secrets Manager (for passwords).
They both support versioning, so we can always revert the parameters to the previous version if there was a mistake and then redeploy our stack.
Another benefit of using the Parameter Store and Secrets Manager is that we can provide developers who...