In AWS I've got lots (dozens) of lambda functions. As my organization has gained experience with AWS, we've gone through various generations of infrastrucure around building and maintaining our functions. Currently we're making use of the SAM template and Code Pipline created from a CodeStar project to keep track of things. Most of our lambda functions are small and have their own git repos.
When we have configuration that's different between our stage and prod environments, we make use of environment variables pulled in from the template-configuration.json and template.yml provided by CodeStar. For sensitive configuration, we make use of Secrets Manager.
This has been working well for us. If I need to update a piece of sensitive configuration that's being used by ten different lambda functions, I can just update it once in Secrets Manager. What I'm noticing though, is that for configuration that's not sensitive, if it's something that's used by ten different functions, I've got to go update the value in ten different template-configuration.json files, and I have to try and make sure not to miss one!
Surely there's a better way.
I'm aware of Parameter Store in AWS Systems Manager, but I haven't used it before. Is this my best option? Store non-sensitive environment configuration in Parameter Store, and store sensitive environment configuration in Secrets Manager? Is the performance of Parameter Store similar or better to Secrets Manager?
Is there another pattern or AWS Service or something else I should be considering?
