Build a cache layer for secrets stored in AWS Secrets Manager using an AWS Lambda extension
A month back AWS announced a preview of Lambda Extensions, a new way to easily integrate Lambda with your favorite monitoring, observability, security, and governance tools. Extensions can be published as Lambda layers, and there are two types of extension:
The whole idea of extensions was fascinating to me. So I thought, instead of using extensions just for implementing observability patterns, why can’t we build a cache layer for secrets using extensions?
As always, I googled my idea to see whether anyone had already implemented it. A famous company named “Square” has many smarter engineers than me, and they have already published a Lambda extension with a similar idea on GitHub 😟. To be clear, they did a fantastic job, but as always, there is room for improvement, isn’t there?
The extension they published was storing the secret in the “/tmp” directory of the Lambda, a BIG NO NO from a security perspective, and had no cache refresh logic. So I decided to build an extension that can take care of all the use cases below:
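The two gaps named above (secrets written to “/tmp” and no cache refresh), sketched as an added example that is not code from this post or from Square's extension: a cache that keeps secrets only in process memory and refetches them after a TTL. The `SecretCache` class, the injected `fetch` callable standing in for a Secrets Manager lookup, and the sample secret values are assumptions made for illustration.

```python
import threading
import time


class SecretCache:
    """Secrets live only in process memory, never on disk, and expire after a TTL."""

    def __init__(self, fetch, ttl_seconds, clock=time.monotonic):
        self._fetch = fetch      # assumption: callable wrapping a Secrets Manager lookup
        self._ttl = ttl_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._entries = {}       # name -> (value, expires_at)

    def get(self, name):
        with self._lock:         # one refresh at a time, no duplicate backend calls
            entry = self._entries.get(name)
            if entry and self._clock() < entry[1]:
                return entry[0]  # fresh hit
            # Expired or absent: drop first, so a failed refresh raises, not serves stale.
            self._entries.pop(name, None)
            value = self._fetch(name)
            self._entries[name] = (value, self._clock() + self._ttl)
            return value

    def invalidate(self, name):
        """Force a refresh on next get(), e.g. after the backend rejects the secret."""
        with self._lock:
            self._entries.pop(name, None)


def demo():
    """Constructed scenario: the secret is rotated while a cached copy exists."""
    backend = {"db-password": "v1"}  # constructed stand-in for the secret store
    calls, now = [], [0.0]           # fetch log and a fake clock (no sleeping)
    def fetch(name):
        calls.append(name)
        return backend[name]

    cache = SecretCache(fetch, ttl_seconds=300, clock=lambda: now[0])
    seen = [cache.get("db-password")]       # miss: fetches v1
    backend["db-password"] = "v2"           # rotation happens upstream
    seen.append(cache.get("db-password"))   # within TTL: still v1
    now[0] = 301.0
    seen.append(cache.get("db-password"))   # TTL expired: refetches v2
    backend["db-password"] = "v3"
    cache.invalidate("db-password")
    seen.append(cache.get("db-password"))   # forced refresh: v3
    return seen, len(calls)
```

The TTL bounds how long a rotated secret can keep being served from the cache, and `invalidate` lets the function shorten that window when a credential is rejected.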