I'm dealing with a situation where my AWS Lambda function uses an environment variable to fetch a value from an SSM parameter path. Initially, it retrieves the parameters and caches them upon the first call. The problem arises when the Lambda function remains hot and the SSM parameter value changes. I need to know how to make the Lambda re-fetch the updated value without restarting the function like you would do with an ECS service. Any suggestions?
2 Answers
A straightforward solution is to simply check after a specific period and refetch the parameter directly if it's due. You can give your Lambda function the necessary permissions to read the updated secret, and it should work fine!
You might want to utilize the parameters and secrets extension, which takes care of fetching and caching secrets automatically with a defined TTL. In case you need to invalidate everything, a workaround is to make a meaningless config change like altering an environment variable, prompting all existing instances to refresh.
Great idea! I usually create a dummy environment variable for this purpose.
Yes, I almost forgot to share this helpful link for reference: [retrieving-secrets in Lambda](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html).
Catching permission errors and then trying again with a fresh token could also be helpful in this situation!
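The periodic re-fetch from the first answer and the retry-on-permission-error idea from the last comment, combined in one added example that is not from any poster in this thread. The class and function names, the 300-second TTL and the use of `PermissionError` as the downstream rejection signal are assumptions for illustration; `ssm_fetch` uses the real boto3 `get_parameter` call.

```python
import time


class TTLParameterCache:
    """Caches parameter values in the warm Lambda instance for ttl_seconds."""

    def __init__(self, fetch, ttl_seconds=300, clock=time.monotonic):
        self._fetch = fetch          # callable: name -> value
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so expiry can be tested
        self._entries = {}           # name -> (value, expires_at)

    def get(self, name):
        entry = self._entries.get(name)
        if entry is not None and self._clock() < entry[1]:
            return entry[0]          # still fresh: no call to SSM
        value = self._fetch(name)    # first use or expired: re-fetch
        self._entries[name] = (value, self._clock() + self._ttl)
        return value

    def invalidate(self, name):
        self._entries.pop(name, None)


def call_with_refresh(cache, name, action):
    """Run action(value); on PermissionError drop the cached value, retry once."""
    try:
        return action(cache.get(name))
    except PermissionError:          # assumed signal that the value was rotated
        cache.invalidate(name)
        return action(cache.get(name))


def ssm_fetch(name):
    """Real fetcher; the role needs ssm:GetParameter (and kms:Decrypt for a
    SecureString under a customer managed key)."""
    import boto3  # lazy import so the cache logic above runs without AWS access
    ssm = boto3.client("ssm")
    return ssm.get_parameter(Name=name, WithDecryption=True)["Parameter"]["Value"]


# Module scope survives between invocations of a warm instance, so create the
# cache once there (PARAM_PATH is a hypothetical environment variable name):
#   cache = TTLParameterCache(ssm_fetch, ttl_seconds=300)
#   def handler(event, context):
#       value = cache.get(os.environ["PARAM_PATH"])
```

A shorter TTL narrows the window in which a warm instance keeps using a rotated value, at the cost of more SSM calls.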