Increasing performance of fetching secrets

1

I'm trying to see if there's anything I can do to improve performance when fetching secrets from Secrets Manager. At the moment, we're seeing it taking somewhere between 100-400ms every time (probably averaging ~200ms)... which is a pretty big overhead considering our lambdas themselves typically take less than that.

We were previously caching the secret in memory (for warm/provisioned lambdas), however, that brings us unstuck when those secrets get changed and the lambdas have out-of-date values.

So, my question is two-fold:

  • Is this just "the way it is"? i.e. I understand that there are no performance guarantees, but is this just the ballpark that I should expect for these types of fetches?
  • Would using something like a VPC Endpoint help? All the docs seem to suggest that the benefits are more about security, rather than performance, but I'm happy to explore.

Thanks.

2 Answers
1

This question has been answered in detail during the AWS Supports You event. The answer is provided here.

SUPPORT ENGINEER
answered 3 years ago
0

For anyone who doesn't want to watch the 15-minute video segment, I've watched it, and the answers seem to be:

Q: Is this just "the way it is"? A: Yes.

Q: Would using something like a VPC Endpoint help? A: No.

The video suggested rotation strategies (e.g. two-hot) to avoid caching being a problem.

By the way, the AWS Parameters and Secrets Lambda Extension exists and can be used for caching, but I believe it only helps on warm starts.

answered 10 months ago
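The caching and rotation points raised in this thread, as an added example that is not part of the original posts: a TTL-bounded in-memory cache that refetches once when the downstream rejects a cached value, so a rotated secret costs one extra fetch instead of a failed invocation. `SecretCache`, `StaleCredential` and the `fetch` callable are hypothetical names; in a real Lambda `fetch` is assumed to wrap boto3's `get_secret_value`, and the store and downstream service in `demo()` are constructed stand-ins.

```python
import time


class StaleCredential(Exception):
    """Raised by the caller's operation when the downstream rejects the secret."""


class SecretCache:
    """In-memory secret cache for a warm Lambda execution environment."""
    def __init__(self, fetch, ttl_seconds=300, clock=time.monotonic):
        self._fetch = fetch      # callable: secret_id -> secret value
        self._ttl = ttl_seconds  # upper bound on how long a stale value is served
        self._clock = clock
        self._entries = {}       # secret_id -> (value, fetched_at)

    def get(self, secret_id, force_refresh=False):
        entry = self._entries.get(secret_id)
        if entry and not force_refresh and self._clock() - entry[1] < self._ttl:
            return entry[0]
        value = self._fetch(secret_id)
        self._entries[secret_id] = (value, self._clock())
        return value

    def use(self, secret_id, operation):
        """Run operation(secret); if it is rejected, refetch once and retry."""
        try:
            return operation(self.get(secret_id))
        except StaleCredential:
            return operation(self.get(secret_id, force_refresh=True))


def demo():
    # Constructed stand-ins: a secret store and a service accepting old and new values.
    store, accepted, fetches = {"db": "v1"}, {"v1", "v2"}, []
    def fetch(secret_id):
        fetches.append(secret_id)
        return store[secret_id]
    def query(secret):
        if secret not in accepted:
            raise StaleCredential()  # never put the secret in the message
        return "ok:" + secret

    cache = SecretCache(fetch, ttl_seconds=300, clock=lambda: 0.0)
    out = [cache.use("db", query), cache.use("db", query)]  # one fetch, one hit
    store["db"] = "v2"                   # secret rotated in the store
    out.append(cache.use("db", query))   # cached v1 still accepted
    accepted.discard("v1")               # old value retired
    out.append(cache.use("db", query))   # rejected, refetched as v2
    return out, len(fetches)
```

Keeping the old value valid for at least one TTL after rotation means the retry path is rarely needed; the retry covers the case where the old value is retired early.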
