Cache un/encrypted expiring values as AWS SSM parameters with a TTL
const SSMCache = require('@cribadvisor/aws-param-cache');
const cache = new SSMCache({
secret: true,
basePath: "/cache"
});
const getAccessToken = async () => {
let accessToken = cache.get("my_token");
if (!accessToken) {
// obtain a new token
// const { newToken, ttl } = getNewToken(...)
accessToken = newToken;
await cache.set("my_token", accessToken, ttl);
}
return accessToken;
};
Sets the parameter type:
true
to useSecureString
false
to useString
Type: bool
Default: true
Where the parameters are stored within SSM (excluding trailing slash)
Be sure to update the IAM policy (see below) if changed
Type: string
Default: /cache
ARN of KMS key to use to encrypt parameter value (optional)
Type: string
Default: undefined
NOTE:
- Replace
Resource
with your AWS region and account ID - Replace
/cache
with the modifiedbasePath
if applicable - Add
kms:Encrypt
andkms:Decrypt
actions and resources for your KMS key (if applicable)
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1585412677747",
"Action": [
"ssm:DeleteParameter",
"ssm:GetParameter",
"ssm:PutParameter"
],
"Effect": "Allow",
"Resource": "arn:aws:ssm:<region>:<account_ID>:parameter/cache/*"
}
]
}