Open jamesthompson26-nhs opened 8 months ago
https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PutParameter.html#API_PutParameter_RequestSyntax:~:text=Advanced%20parameters%20have%20a%20content%20size%20limit%20of%208%20KB Advanced parameters support 8k file sizes
as an example using the proposed .pem
above and I can do this
Adding https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ssm_parameter#tier configured to advanced should solve the issue
However, SSM Advanced has costs: https://aws.amazon.com/systems-manager/pricing/#:~:text=monthly%20cost%20%3D%20%24152.64-,Parameter%20Store,-AWS%20Systems%20Manager which looks remarkably like Secrets Manager pricing: https://aws.amazon.com/secrets-manager/pricing/. We'd need to do some maths for number of secrets + number of requests, as it might just be easier to deprecate SSM being used for this.
Just to confirm, SSM advanced tier does provide enough storage for both the legacy G1 and new G2 CA cert chains.
SSM Params have a maximum character count of 4096KB. The new CA bundles below are considerably larger than that:
https://github.com/NHSDigital/mesh-client/blob/develop/mesh_client/nhs-int-ca-bundle.pem https://github.com/NHSDigital/mesh-client/blob/develop/mesh_client/nhs-live-ca-bundle.pem
Need to either store the CA cert in S3 or Secrets Manager to avoid this limit.
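
The tier setting discussed in this thread, as an added Terraform sketch that is not part of the issue or the project's own code. The resource name, parameter path and local file location are assumptions; the 4 KB and 8 KB figures are the standard and advanced Parameter Store limits.

```hcl
# Added illustration: resource name, parameter path and file location are hypothetical.
locals {
  # A PEM bundle is ASCII, so length() in characters equals its size in bytes.
  ca_bundle        = file("${path.module}/nhs-int-ca-bundle.pem")
  ssm_standard_max = 4096 # standard tier limit (4 KB)
  ssm_advanced_max = 8192 # advanced tier limit (8 KB)
}

resource "aws_ssm_parameter" "ca_cert" {
  name  = "/example/mesh/ca-cert" # hypothetical parameter path
  type  = "String"                # a CA bundle is public material, not a secret
  value = local.ca_bundle

  # Use the chargeable advanced tier only when the bundle does not fit in standard.
  tier = length(local.ca_bundle) > local.ssm_standard_max ? "Advanced" : "Standard"

  lifecycle {
    # Fail at plan time with a clear message instead of an API error at apply time.
    precondition {
      condition     = length(local.ca_bundle) <= local.ssm_advanced_max
      error_message = "CA bundle is larger than 8 KB; store it in S3 or Secrets Manager instead."
    }
  }
}
```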