Skip to content

Cache un/encrypted expiring values as AWS SSM parameters with a TTL

License

Notifications You must be signed in to change notification settings

CribAdvisor/aws-param-cache

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

aws-param-cache

Cache un/encrypted expiring values as AWS SSM parameters with a TTL

Usage

const SSMCache = require('@cribadvisor/aws-param-cache');

const cache = new SSMCache({
  secret: true,
  basePath: "/cache"
});

const getAccessToken = async () => {
  let accessToken = cache.get("my_token");
  if (!accessToken) {
    // obtain a new token
    // const { newToken, ttl } = getNewToken(...)
    accessToken = newToken;
    await cache.set("my_token", accessToken, ttl);
  }
  return accessToken;
};

Options

secret

Sets the parameter type: true to use SecureString false to use String

Type: bool

Default: true

basePath

Where the parameters are stored within SSM (excluding trailing slash)

Be sure to update the IAM policy (see below) if changed

Type: string

Default: /cache

keyId

ARN of KMS key to use to encrypt parameter value (optional)

Type: string

Default: undefined

Required IAM permissions

NOTE:

  1. Replace Resource with your AWS region and account ID
  2. Replace /cache with the modified basePath if applicable
  3. Add kms:Encrypt and kms:Decrypt actions and resources for your KMS key (if applicable)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1585412677747",
      "Action": [
        "ssm:DeleteParameter",
        "ssm:GetParameter",
        "ssm:PutParameter"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:ssm:<region>:<account_ID>:parameter/cache/*"
    }
  ]
}

About

Cache un/encrypted expiring values as AWS SSM parameters with a TTL

Topics

Resources

License

Stars

Watchers

Forks

Packages