I'm currently using a Lambda function to call an external API, and it needs to authenticate with Client Credentials flow using OAuth. The process works fine, but I have a limitation: I can only issue 1,000 tokens a month. To avoid hitting this limit, I want to cache the access token while it's still valid, so I can reuse it instead of retrieving a new one every time. What are my best options for caching the token? I've considered a few solutions:
1. **DynamoDB Table** - This feels like overkill for just one value.
2. **Elasticache** - Again, seems like too much for a single value.
3. **S3** - Similarly seems excessive.
4. **Something else I haven't thought of?**
6 Answers
DynamoDB could work great here too! It's quick and actually more cost-effective than S3 for small data. A lot of people use it in similar situations, so it's definitely not overkill.
Have you thought about using Parameter Store? You can store your access token as a parameter, and if you set it up as a secret, you can encrypt it for extra security. Just make sure your Lambda has the right permissions to decrypt it.
If you're looking for simplicity, you might also consider creating an in-memory cache. Since the global scope of a Lambda is shared while it's running, this could work well for concurrent invocations.
This sounds like a great idea! It's sort of like how you would set up your database connections outside of the handler.
Just a heads up though, that global scope sharing only happens between concurrent invocations within the same instance, so you'll need to keep that in mind.
Using DynamoDB is not overkill; it's a common choice for cases like this. You could even set up a separate function just for updating the credentials, which would help manage the hot partition issue.
Honestly, I don't see why using DynamoDB would be overkill for this. Both DynamoDB and S3 are serverless options and can fit your needs without much hassle. You might also want to consider Secrets Manager if you need additional security.
Parameter Store or Secrets Manager would be good alternatives too, both work well for storing access tokens.
I agree, this might be the simplest way to go. You could create a separate Lambda function that fetches and stores new tokens at regular intervals, say every 45 minutes, and trigger it with EventBridge. Then, any other Lambdas can just pull the token from Parameter Store.