AWS Parameter Store

Navigate to your IAM user permissions and add a permission policy to grant access to AWS Parameter Store.

For enhanced security, here’s a custom policy containing the minimum permissions required by Infisical to sync secrets to AWS Parameter Store for the IAM user that you can use:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSSMAccess",
      "Effect": "Allow",
      "Action": [
        "ssm:PutParameter",
        "ssm:DeleteParameter",
        "ssm:GetParameters",
        "ssm:GetParametersByPath",
        "ssm:DescribeParameters",
        "ssm:DeleteParameters",
        "ssm:AddTagsToResource", // if you need to add tags to secrets
        "kms:ListKeys", // if you need to specify the KMS key
        "kms:ListAliases", // if you need to specify the KMS key
        "kms:Encrypt", // if you need to specify the KMS key
        "kms:Decrypt" // if you need to specify the KMS key
      ],
      "Resource": "*"
    }
  ]
}

Obtain a AWS access key ID and secret access key for your IAM user in IAM > Users > User > Security credentials > Access keys

Navigate to your project’s integrations tab in Infisical.

Press on the AWS Parameter Store tile and input your AWS access key ID and secret access key from the previous step.

Select which Infisical environment secrets you want to sync to which AWS Parameter Store region and indicate the path for your secrets. Then, press create integration to start syncing secrets to AWS Parameter Store.