NHSDigital / terraform-aws-mesh-client

Reference implementation of a MESH Client in an AWS environment only using serverless technologies.
MIT License

CA Cert bundle too large for SSM Parameter #109

Open jamesthompson26-nhs opened 8 months ago

jamesthompson26-nhs commented 8 months ago

SSM Params have a maximum character count of 4096KB. The new CA bundles below are considerably larger than that:

https://github.com/NHSDigital/mesh-client/blob/develop/mesh_client/nhs-int-ca-bundle.pem
https://github.com/NHSDigital/mesh-client/blob/develop/mesh_client/nhs-live-ca-bundle.pem

Need to either store the CA cert in S3 or Secrets Manager to avoid this limit.

aidenvaines-bjss commented 6 months ago

Advanced parameters support 8k file sizes: https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html#API_PutParameter_RequestSyntax:~:text=Advanced%20parameters%20have%20a%20content%20size%20limit%20of%208%20KB

As an example, using the proposed .pem above, I can do this: (image)

Adding https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter#tier configured to advanced should solve the issue

However, SSM Advanced has costs: https://aws.amazon.com/systems-manager/pricing/#:~:text=monthly%20cost%20%3D%20%24152.64-,Parameter%20Store,-AWS%20Systems%20Manager which looks remarkably like Secrets Manager pricing: https://aws.amazon.com/secrets-manager/pricing/. We'd need to do some maths for number of secrets + number of requests, as it might just be easier to deprecate SSM being used for this.
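The tier change proposed in the comment above, written out as an added Terraform example (not code from the terraform-aws-mesh-client module or from the commenter). It sets `tier = "Advanced"` on the `aws_ssm_parameter` resource so the 4 KB Standard-tier limit no longer applies, and adds a `precondition` so that a bundle that also exceeds the 8 KB Advanced-tier limit fails at plan time with a clear message instead of at `PutParameter`. The variable names `ca_bundle_path` and `environment` and the parameter path `/mesh/<env>/ca-bundle` are assumptions made for the example.

```hcl
# Added example, not part of the terraform-aws-mesh-client module.
# Publishes a PEM CA bundle to SSM Parameter Store on the Advanced tier
# and refuses to plan if the bundle would exceed even that tier's limit.

variable "ca_bundle_path" {
  type        = string
  description = "Path to the PEM CA bundle to publish (hypothetical variable)"
}

variable "environment" {
  type        = string
  description = "MESH environment, e.g. int or live (hypothetical variable)"
}

locals {
  # Limits from the AWS docs linked in the comment above. PEM is ASCII,
  # so Terraform's character count equals the byte count AWS checks.
  ssm_standard_limit_bytes = 4096
  ssm_advanced_limit_bytes = 8192
  ca_bundle                = file(var.ca_bundle_path)
}

resource "aws_ssm_parameter" "ca_bundle" {
  name  = "/mesh/${var.environment}/ca-bundle" # assumed path
  type  = "String"                              # CA bundle is public trust material, not a secret
  value = local.ca_bundle

  # Weak setting: tier = "Standard" (the default) rejects values over 4 KB,
  # which is exactly the failure reported in this issue.
  tier = "Advanced"

  lifecycle {
    precondition {
      condition     = length(local.ca_bundle) <= local.ssm_advanced_limit_bytes
      error_message = "CA bundle exceeds the 8 KB SSM Advanced-tier limit; store it in S3 or Secrets Manager instead."
    }
  }
}

# Surfaced so a reviewer can see why the Advanced tier (and its cost) is needed.
output "ca_bundle_bytes" {
  value = length(local.ca_bundle)
}

output "ca_bundle_fits_standard_tier" {
  value = length(local.ca_bundle) <= local.ssm_standard_limit_bytes
}
```

Because the precondition is evaluated during `terraform plan`, a bundle that is too large for both tiers is caught before any API call is made, which is the check a practitioner wants given that the Advanced tier carries per-parameter charges (see the pricing links above). If the bundle ever grows past 8 KB, the only remaining options are the S3 or Secrets Manager storage suggested in the original report.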

davidhallam4-nhs commented 6 months ago

Just to confirm, SSM advanced tier does provide enough storage for both the legacy G1 and new G2 CA cert chains.