英文:
AWS Parameters and Secrets Lambda Extension behaviour
问题
当使用AWS Parameters and Secrets Lambda Extension检索密码时,当密码进行轮换时,缓存是否会失效?
AWS文档指出:
系统会检测频繁使用的参数值并将其保留在缓存中,同时清除那些已过期或未使用的参数值。
这是否意味着当使用AWSCURRENT版本阶段检索密码时,如果密码值已更新,该值已过期并被清除?还是仅与TTL(生存时间)设置相关?
英文:
When retrieving secrets using the AWS Parameters and Secrets Lambda Extension, does the cache get invalidated when a secret is rotated?
The AWS documentation states:
> the system detects parameter values that are used frequently and maintains them in the cache while clearing those that are expired or unused.
Does this mean when retrieving a secret using the AWSCURRENT version stage, if the secret value is updated, the value has expired and is thus cleared? Or is it solely in relation to the TTL (Time-to-live) settings?
答案1
得分: 3
思考一下:Lambda扩展如何知道是否有新值可供获取,而不是使用缓存的值?只有通过在每个请求中检查参数存储,这将失去缓存的目的。因此,它无法知道任何更新,只有在TTL到期后才会获取更新的值。
文档也明确说明了:
在TTL到期之前更改参数值
扩展不会检测参数值的更改,也不会在TTL到期之前执行自动刷新。如果更改了参数值,使用缓存的参数值的操作可能会失败,直到下次刷新缓存。如果您预计参数值会经常更改,我们建议设置较短的TTL值。
英文:
Think about it this way: how would the lambda extension know there is a new value it should fetch instead of using the cached one? Only by checking the parameter store on each request which would defeat the purpose of the cache. Therefore it cannot know of any updates and will only fetch the updated value once the TTL expires.
The docs also cover that explicitly:
>Changes to a parameter value before TTL expires
The extension doesn't detect changes to the parameter value and doesn't perform an auto-refresh before the TTL expires. If you change a parameter value, operations that use the cached parameter value might fail until the cache is next refreshed. If you expect frequent changes to a parameter value, we recommend setting a shorter TTL value.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论