-1

We have a use case where we need to generate an API token every 9 minutes and store it to use for next 9 minutes and we generate API token again and replace old one. This is the cycle that we follow in our application. The application is running in AWS Lambda function .

The question is, where do we save this token for 9 minutes and rotate every 9 minutes? We can save in one of the DynamoDB tables and retrieve it in our application for low latency, or should we save it in Secrets Manager?

Which is the better option to store and retrieve for this use case so that latency would be low for my Application ?

I will have to use this token 1 million times in a day in my application .

Anupam
  • 284
  • 5
  • 21

1 Answers1

3

It is recommended to avoid calling PutSecretValue or UpdateSecret at a sustained rate of more than once every 10 minutes. When you call PutSecretValue or UpdateSecret to update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions

Also AWS secrete manager API has cost implication as well Here is the general guidance for secret manager

https://aws.amazon.com/blogs/security/how-to-rotate-your-twitter-api-key-and-bearer-token-automatically-with-aws-secrets-manager/

My suggestion would be to use Dynamo DB for this use case

Sudarshan kumar
  • 1,503
  • 4
  • 36
  • 83