How to send cached Secret Manager to RDSDataService
We have noticed that our billing regarding the Secret Manager has increased significantly due to the millions of calls made to this service.
Reading the AWS Docs, it looks like it could be solved with ease by implementing the secrets client caching library. https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-python.html
But we can't figure out how to actually get any benefit of it regarding the following scenario:
- Our Aurora RDS Serverless has the WebServer activated.
- We access the Data API through AppSync and Lambda.
- All methods of the client RDSDataService only allow sending the "secretArn" parameter, not a cached one.
Then, how can we take advantage of implementing cache?
It seems to us that we are paying for every single executed SQL.
I hope somebody can help us to solve this issue.
Thank you in advance,
Hi, I understand you have an issue with the increase in your Secrets Manager billing and you came across a caching solution which could assist with this. The documentation you shared is client-side caching and dependent on the application; for example, if you have a Python application, you can make use of the Python caching guidance.
Researching your issue, I came across a Lambda caching solution which may be useful to you: with Lambda, a secret can be cached where the Lambda function needs access to Secrets Manager for reading a secret; the secret can get cached as part of the extension start-up instead of being fetched as part of Lambda's first request.
In addition, you may want to consider using AWS IAM to authenticate to your DB instance or cluster instead of Secrets Manager, but it too has limitations.
I also advise you to have a look at how Secrets Manager is billed for a better understanding of the API calls being made. Lastly, as you mention it looks like you are being billed per SQL query, you may want to look into these executions and see how they can be narrowed down to only make API calls to Secrets Manager when required or, for example, fetch the secrets first and store them in a temporary location and run your queries from there.
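The last suggestion in the answer above (fetch the secret once, keep it, and run queries from there), sketched as an added example that is not part of the original question or answer. It assumes the Lambda function reads the secret itself and connects to the database directly, rather than passing `secretArn` to RDSDataService; `SecretCache`, `run_with_secret`, `AuthError` and `demo` are hypothetical names, and the secret store and database check are constructed stand-ins.

```python
import json
import time


class AuthError(Exception):
    """Raised by the (hypothetical) database layer when credentials are rejected."""


class SecretCache:
    """TTL cache for one secret. Create it at module scope so warm Lambda
    invocations reuse the value instead of calling Secrets Manager again."""

    def __init__(self, fetch, ttl_seconds=300, clock=time.monotonic):
        # In a real function, fetch could be:
        #   lambda: boto3.client("secretsmanager").get_secret_value(SecretId=arn)["SecretString"]
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._value, self._expires = None, 0.0
        self.fetches = 0  # number of billable lookups actually made

    def get(self, force_refresh=False):
        now = self._clock()
        if force_refresh or self._value is None or now >= self._expires:
            self._value = json.loads(self._fetch())
            self._expires = now + self._ttl
            self.fetches += 1
        return self._value  # keep in memory only; never log it


def run_with_secret(cache, action):
    """Run action(creds). If the cached secret was rotated, refetch once and retry."""
    try:
        return action(cache.get())
    except AuthError:
        return action(cache.get(force_refresh=True))


def demo():
    # Constructed stand-ins for Secrets Manager and the database login check.
    store = {"password": "pw-v1"}
    fetch = lambda: json.dumps({"username": "app", "password": store["password"]})

    def query(creds):
        if creds["password"] != store["password"]:
            raise AuthError("stale credentials")
        return "ok"

    cache = SecretCache(fetch, ttl_seconds=300)
    results = [run_with_secret(cache, query) for _ in range(3)]   # one fetch
    store["password"] = "pw-v2"                                   # simulated rotation
    results += [run_with_secret(cache, query) for _ in range(2)]  # one refetch
    return {"results": results, "fetches": cache.fetches}
```

Five queries cost two secret lookups here: the initial fetch and one forced refresh after the simulated rotation.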