Hi,
The AWS Lambda extension is a relatively newer but better option in case you have to fetch parameters/secrets from the Parameter Store.
Especially because it reduces the no. of API calls made to the Parameter Store, hence reducing latency and cost.
In your case, it does not make any difference in terms of cost, since you have just 1 parameter which is fetched 24 times a day.
However, having a separate layer for handling parameters allows you to separate the logic of fetching parameters and other operational tasks from your core business logic, hence introducing separation of concern, and making your code cleaner.
Now, it's up to you, if you want a simpler approach with full control over how you fetch and process parameters, and you are okay with making a few changes to your existing code, then use SDK.
Or else, if you want a streamlined approach without modifying your function code significantly, then use Lambda extensions.
Hope this helps you make an informed decision.
References:
[1] https://docs.aws.amazon.com/systems-manager/latest/userguide/ps-integration-lambda-extensions.html
[2] https://aws.amazon.com/blogs/compute/using-the-aws-parameter-and-secrets-lambda-extension-to-cache-parameters-and-secrets/
[3] https://aws.amazon.com/blogs/compute/caching-data-and-configuration-settings-with-aws-lambda-extensions/
Thanks,
Atul
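An added example, not part of the answer above: how a function reads a parameter through the AWS Parameters and Secrets Lambda Extension's local HTTP endpoint instead of calling the SDK. It is written in Python for illustration and assumes the extension layer is attached to the function; the parameter name `/app/db-password` is a constructed placeholder.

```python
import json
import os
import urllib.parse
import urllib.request

DEFAULT_PORT = 2773  # the extension's default local port


def build_request(name, decrypt=True, env=None):
    """Build the GET request for the extension's Parameter Store endpoint."""
    env = os.environ if env is None else env
    port = int(env.get("PARAMETERS_SECRETS_EXTENSION_HTTP_PORT", DEFAULT_PORT))
    # The extension authenticates local callers with the function's session token.
    token = env.get("AWS_SESSION_TOKEN")
    if not token:
        raise RuntimeError("AWS_SESSION_TOKEN is not set; not running in Lambda?")
    # Parameter names contain '/', so they must be URL-encoded.
    query = urllib.parse.urlencode(
        {"name": name, "withDecryption": "true" if decrypt else "false"}
    )
    url = f"http://localhost:{port}/systemsmanager/parameters/get?{query}"
    return urllib.request.Request(
        url, headers={"X-Aws-Parameters-Secrets-Token": token}
    )


def parse_response(raw):
    """Extract the value from the GetParameter-shaped JSON the extension returns."""
    doc = json.loads(raw)
    try:
        return doc["Parameter"]["Value"]
    except (KeyError, TypeError) as exc:
        raise ValueError("unexpected response shape from extension") from exc


def fetch_parameter(name, decrypt=True, env=None, timeout=2.0):
    """Fetch one parameter; the extension serves it from its cache when fresh."""
    # Empty ProxyHandler: the loopback call must never be routed through a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(build_request(name, decrypt, env), timeout=timeout) as resp:
        return parse_response(resp.read())


if __name__ == "__main__":
    # Only works inside a Lambda execution environment with the extension layer.
    secret = fetch_parameter("/app/db-password")  # constructed name
    print("fetched parameter of length", len(secret))  # never log the value itself
```

The function's execution role still needs `ssm:GetParameter` on the parameter, and `kms:Decrypt` on the key when a SecureString uses a customer managed key.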
Hi Liliane
Since you mention Spring, I guess that you develop in Java.
So, my (opinionated) perspective on your questions:
- if your Lambda runs only once an hour, Lambda (and other) caches are useless: you'd better fetch directly from AWS SSM Parameter Store. A cache would only bring the risk of an incorrect value for no benefit... Access to SSM PS is quite fast: time it in your code to validate.
- the Lambda Java runtime provides direct access to the AWS SDK: you want to use it. Not using the SDK would mean coding the REST requests against the AWS service endpoints (with SigV4...), which is lots of (complex) work.
- Additionally, if you use the SDK provided by the Lambda runtime, AWS will update it (bugs, vulnerabilities, etc.) for you at no effort on your side.
Including SDK yourself would lock it to a given version, which is not what you necessarily want to do when you start: AWS is happy to do the patching for you.
I hope that I properly understood your questions to be then so direct...
Best,
Didier
I do agree that using the extension is a bit of an overkill. However, as we have to set a standard for future cases, it is better to separate the retrieval of the secrets by using the extension instead of changing code within the Lambda function. I do thank you for your response as it helped me to make an informed decision. Appreciated.
Liliane, you're welcome. My recommendation: don't over-engineer at first by designing for cases that may eventually never happen. So, go simple first and sophisticate as really needed. A Lambda can very easily be updated at any point in time (compared to older monoliths): you'll implement better code when you get more experience on your use case.