I'm trying to optimize an AWS Lambda function that retrieves information from an external API using OAuth Client Credentials flow. I successfully get an access token with my ClientID and ClientSecret, but I'm limited to 1,000 tokens per month at my current tier. To avoid hitting that limit, I want to cache the token, but I'm unsure about the best approach for storing this single value outside of the function. Here are some options I've considered:
1. DynamoDB – feels a bit excessive for just one token.
2. Elasticache – also seems like overkill.
3. S3 – doesn't quite fit for this purpose.
4. Other possibilities I might be missing?
6 Answers
An in-memory cache could be the easiest solution! Just remember that the global scope of a Lambda persists while it's 'hot', meaning it can share data between concurrent calls for a while. Just be mindful of how often your Lambda gets invoked.
I'm not convinced using DynamoDB or S3 is overkill for just one value. They're both serverless and can handle this well. Secrets Manager could also be an option if you're looking to store sensitive info secure.
Totally agree with using DynamoDB! It’s a common solution for this. Alternatively, look into using Secrets Manager to keep your tokens safe and set up a rotation schedule with another Lambda to refresh the token when needed.
DynamoDB seems like the perfect fit! It's fast, inexpensive, and designed for small data storage—definitely better than S3 in this case.
Considering a Lambda extension for caching is also a good idea! It could work similarly to the method explained here: https://aws.amazon.com/blogs/compute/caching-data-and-configuration-settings-with-aws-lambda-extensions/.
Have you thought about using Parameter Store? It's pretty straightforward, and you can set your parameters as secrets or encrypt them for added security. Remember to give your Lambda permission to access and decrypt these parameters, though! You can check out [AWS Systems Manager Parameter Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html) for more info.
For sure, that's a solid quick fix! I'd even suggest creating a simple Lambda to fetch and store new tokens regularly, like every 45 minutes, and save them encrypted in Parameter Store. Other Lambdas can then retrieve them, potentially using something like Power Tools for optimization.