
Question about accidentally setting an AWS SSM parameter as String instead of SecureString


I accidentally stored a password in AWS SSM as a String instead of a SecureString. I then accessed this parameter in Python using boto3. Are there any security implications I need to be worried about now?

This is how I accessed it via Python:

import boto3

client = boto3.client('ssm', region_name=REGION_NAME)
# WithDecryption applies to SecureString parameters only; it is ignored for String
parameter = client.get_parameter(Name=abs_key, WithDecryption=True)['Parameter']
value = parameter['Value']

Thanks!


Solution

  • The answer really depends on your level of paranoia. By storing as a String rather than SecureString, the password is stored in plaintext in the Parameter Store. Anyone with access to your Parameter Store would be able to read the password. This includes any members of your AWS account with Parameter Store access and AWS themselves. If you're worried about the former, you might want to change your password and store the new password as a SecureString, choosing a KMS key that only appropriate users have access to. If you're worried about the latter, you should switch cloud providers.

    Retrieving the password with boto3 does not increase your risk or exposure. The password is encrypted thanks to TLS when boto requests the parameter using the AWS API (the API is https only).
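The remediation the answer describes (find credentials stored as String, then store the changed password as a SecureString under a restricted KMS key), as an added example that is not part of the original question or answer. The name heuristic, the `FakeSSM` stand-in and the key alias `alias/example-restricted-key` are assumptions constructed for an offline run; with a real account, pass `boto3.client('ssm')` instead.

```python
import re

# Name patterns that suggest a credential (assumed heuristic; tune to your naming scheme).
SECRET_HINT = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key", re.IGNORECASE)

def find_plaintext_secrets(ssm, hint=SECRET_HINT):
    """Names of non-SecureString parameters whose name looks like a credential."""
    flagged = []
    for page in ssm.get_paginator("describe_parameters").paginate():
        for meta in page["Parameters"]:
            if meta["Type"] != "SecureString" and hint.search(meta["Name"]):
                flagged.append(meta["Name"])
    return sorted(flagged)

def store_rotated_secret(ssm, name, new_value, key_id):
    """Store an already-changed password as SecureString under a restricted KMS key."""
    ssm.put_parameter(Name=name, Value=new_value, Type="SecureString",
                      KeyId=key_id, Overwrite=True)
    # Read back without decryption: confirms the type without handling the plaintext.
    return ssm.get_parameter(Name=name, WithDecryption=False)["Parameter"]["Type"]

class FakeSSM:
    """Constructed in-memory stand-in for boto3.client('ssm'), for offline runs."""
    def __init__(self, params):
        self.params = params  # name -> {"Type": ..., "Value": ...}
    def get_paginator(self, _operation):
        return self
    def paginate(self):
        names = sorted(self.params)
        for i in range(0, len(names), 2):  # two per page, to exercise paging
            chunk = names[i:i + 2]
            yield {"Parameters": [{"Name": n, "Type": self.params[n]["Type"]} for n in chunk]}
    def put_parameter(self, Name, Value, Type, KeyId, Overwrite):
        if Name in self.params and not Overwrite:
            raise ValueError("ParameterAlreadyExists")
        self.params[Name] = {"Type": Type, "Value": Value, "KeyId": KeyId}
    def get_parameter(self, Name, WithDecryption):
        return {"Parameter": {"Name": Name, "Type": self.params[Name]["Type"]}}

def demo():
    ssm = FakeSSM({  # constructed sample parameters
        "/app/db/password": {"Type": "String", "Value": "old-value"},
        "/app/api_key": {"Type": "SecureString", "Value": "x"},
        "/app/log_level": {"Type": "String", "Value": "INFO"},
    })
    before = find_plaintext_secrets(ssm)
    new_type = store_rotated_secret(ssm, before[0], "new-value", "alias/example-restricted-key")
    return before, new_type, find_plaintext_secrets(ssm)

if __name__ == "__main__":
    print(demo())
```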