aws-sdk-js-v3

Cache credentials across all clients

Open everett1992 opened this issue 2 years ago • 2 comments

Describe the feature

In sdk v3 CredentialProviders are not internally cached[^1]. Each time you call a credential provider it refreshes credentials from its source. This causes workflows that use multiple aws services to take longer as each client fetches the same credentials from the source.

```js
import { fromProcess } from "@aws-sdk/credential-providers";

const creds = fromProcess()
await creds() // executes the process
await creds() // executes the process again
```

Each client caches credentials by wrapping the provider in memoize, but memoize does not cache across instances.

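```js
import { S3 } from "@aws-sdk/client-s3";

// The client config key is `credentials`; `creds` is the provider from above.
const client = new S3({ credentials: creds })
await client.listObjects({}) // calls credential provider
await client.listObjects({}) // uses cached credentials

new S3({ credentials: creds }).listObjects({}) // calls credential provider again!
```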

Credential providers should use a cache shared across all clients.

[^1]: except the default node provider chain

Use Case

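```js
import { fromProcess } from "@aws-sdk/credential-providers";
import { SQS } from "@aws-sdk/client-sqs";
import { DynamoDB } from "@aws-sdk/client-dynamodb";

const credentials = fromProcess()
const sqs = new SQS({ credentials })
const ddb = new DynamoDB({ credentials })

await ddb.createTable({...}) // blocks fetching credentials
await sqs.sendMessage({...}) // blocks fetching the same credentials
```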

The use case is any workflow that involves creating multiple aws-sdk clients that use the same credentials or identity. This workflow should only fetch credentials once, not once per client.

Proposed Solution

A couple options:

  1. Change the memoize wrapper to use a global cache. I think this could be done simply by moving these variables into a WeakMap keyed by provider, so each memoized provider instance would use the same cached values.
  2. Memoize the CredentialProviders provided by @aws-sdk/credential-providers (like fromNodeProviderChain is already).
  3. Add documentation and inform users that they should memoize the credential provider they use:

     ```js
     const credentials = memoize(fromProcess())
     ```

Option 1 works with aws-sdk authored credential providers as well as user defined providers. Option 2 would only work out of the box with aws authored providers. Option 3 would only work when users read the docs.

Other Information

No response

Acknowledgements

  • [X] I may be able to implement this feature request
  • [ ] This feature might incur a breaking change

SDK version used

~3.300

Environment details (OS name and version, etc.)

All

everett1992 Apr 04 '23 19:04
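Option 1 from the proposal above, sketched as an added example (not code from the issue or from the SDK): a memoize wrapper whose cache lives in a WeakMap keyed by the provider function, so wrappers of the same provider share one fetch, wrappers of different providers never share credentials, and credentials close to expiry are refetched. `sharedMemoize`, `makeCountingProvider`, `demo` and the five-minute refresh window are assumptions, and the counting provider is a constructed stand-in for `fromProcess()`.

```javascript
// Added example; sharedMemoize, makeCountingProvider, demo are hypothetical names, not SDK APIs.
const cache = new WeakMap(); // provider function -> { creds, pending }
const REFRESH_WINDOW_MS = 5 * 60 * 1000; // assumed: refresh 5 minutes before expiry

function isFresh(creds, now) {
  // Credentials without an expiration are treated as static.
  return !creds.expiration || creds.expiration.getTime() - now > REFRESH_WINDOW_MS;
}

function sharedMemoize(provider, clock = Date.now) {
  return async () => {
    let entry = cache.get(provider);
    if (!entry) cache.set(provider, (entry = {}));
    if (entry.creds && isFresh(entry.creds, clock())) return entry.creds;
    if (!entry.pending) {
      // One in-flight fetch is shared by concurrent callers; a rejection is
      // not stored, so the next call retries the source.
      entry.pending = provider()
        .then((creds) => (entry.creds = creds))
        .finally(() => { entry.pending = undefined; });
    }
    return entry.pending;
  };
}

// Constructed stand-in for fromProcess(): counts how often the source is hit.
function makeCountingProvider(ttlMs, clock) {
  const provider = async () => ({
    accessKeyId: `CONSTRUCTED-KEY-${++provider.calls}`,
    secretAccessKey: "constructed-secret",
    expiration: new Date(clock() + ttlMs),
  });
  provider.calls = 0;
  return provider;
}

async function demo() {
  let now = 0;
  const clock = () => now;
  const provider = makeCountingProvider(60 * 60 * 1000, clock);
  const clientA = sharedMemoize(provider, clock); // each "client" wraps the
  const clientB = sharedMemoize(provider, clock); // same provider separately
  const [a, b] = await Promise.all([clientA(), clientB()]);
  now = 10 * 60 * 1000; // still fresh: served from the shared cache
  await clientA();
  const callsWhileFresh = provider.calls;
  now = 56 * 60 * 1000; // inside the refresh window: source is hit again
  const c = await clientB();
  return { shared: a === b, callsWhileFresh, callsAfterRefresh: provider.calls, rotated: c.accessKeyId !== a.accessKeyId };
}
```

Because the WeakMap key is the provider function itself, the shared entry is dropped once nothing references that provider, and two calls to a provider factory produce two separate cache entries.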

Hi @everett1992, thanks for opening this feature request. I will add the right labeling so this feature request gets into our backlog. However I want to mention that we prioritize our items based on different criteria, which also includes community reactions and comments. PRs are also welcomed.

Thanks!

yenfryherrerafeliz Apr 10 '23 17:04

Want to vote for this feature request too. For every new client the credentials are requested, which is slowing down the getObject() process.

1nstinct Jan 12 '24 19:01