It looks like both AWS Secrets Manager and AWS Systems Manager Parameter Store are doing similar things, which is to store secrets. When do you choose one over the other?
I think they both started out life to do different things but seem to have converged in use cases. Parameter Store is integrated with Secrets Manager now, so they do overlap. A potential scenario I can see is just the ability to segment access to certain things. Let’s say we give our DevOps engineers access to Parameter Store to keep all sorts of environment variables that need to be referenced.
But maybe we keep our Secrets Manager restricted to just our Security Team. They store and rotate passwords for RDS instances there. So, you could create a pretty nice segregation of duties there without having to share the DBA credentials with the DevOps engineers. Similarly, the Security Team could be walled off from access to the RDS instances.
With SSM Parameter Store, you can automate tasks, i.e., if a parameter value is changed, you can run an SSM Automation document that propagates this new value on specified resources.
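The segregation of duties described in the answer above can be sketched as two IAM identity policies and checked with a small evaluator. This is an added example, not code from any of the posters; the `/app/` parameter path, the `rds/` secret prefix, the account ID and the resource names are constructed assumptions, and the evaluator is a simplified model (explicit deny, then allow, else implicit deny) rather than the full IAM evaluation logic.

```python
from fnmatch import fnmatchcase

# Constructed policies; the /app/ parameter path and rds/ secret prefix are assumptions.
DEVOPS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ssm:GetParameter", "ssm:GetParametersByPath", "ssm:PutParameter"],
         "Resource": "arn:aws:ssm:*:*:parameter/app/*"},
        # Explicit deny keeps DevOps out of Secrets Manager even if another policy allows it.
        {"Effect": "Deny", "Action": "secretsmanager:*", "Resource": "*"},
    ],
}
SECURITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue",
                    "secretsmanager:RotateSecret"],
         "Resource": "arn:aws:secretsmanager:*:*:secret:rds/*"},
        # Security team manages the credentials but is walled off from the instances.
        {"Effect": "Deny", "Action": ["rds:*", "rds-db:connect"], "Resource": "*"},
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # IAM action names are case-insensitive; ARNs are compared as written.
    action_hit = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_hit and resource_hit

def is_allowed(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, then Allow, else implicit deny."""
    hits = [s["Effect"] for s in policy["Statement"] if _matches(s, action, resource)]
    return "Deny" not in hits and "Allow" in hits

# Constructed sample ARNs (placeholder account ID).
PARAM = "arn:aws:ssm:us-east-1:111122223333:parameter/app/db_host"
SECRET = "arn:aws:secretsmanager:us-east-1:111122223333:secret:rds/prod-AbCdEf"
RDS = "arn:aws:rds:us-east-1:111122223333:db:prod"

if __name__ == "__main__":
    for name, pol in (("devops", DEVOPS_POLICY), ("security", SECURITY_POLICY)):
        for action, res in (("ssm:GetParameter", PARAM),
                            ("secretsmanager:GetSecretValue", SECRET),
                            ("rds:ModifyDBInstance", RDS)):
            print(name, action, is_allowed(pol, action, res))
```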