Open in app

Sign in

Write

Sign in

Using AWS System Manager Parameter Store in .NET Core Lambda

Srikar Gandhi
4 min readJul 26, 2022

--

This article is about how to use Parameter store in .NET Core Lambda, Cache configuration values to avoid too many API request to Parameter store and the Cache busting if you need to refresh configuration values.

It also talks about the encrypting the parameters with Customer Managed KMS key, Advance Parameters in Parameter Store etc.

Why do we need to use Parameter Store?

  • It provides secure, hierarchical storage for configuration data management and secrets management. You can store data such as passwords, database strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values. (Reference)
  • Hierarchical structure example as shown below for an App configuration.

How Can we integrate it in .NET Core Apps?

We can use “Amazon.Extensions.Configuration.SystemsManager“ Nuget package to load the parameter/configuration settings from Parameter Store.

For loading parameters from Parameter Store, You need to provide the base path of above hierarchical structure & how time you want to cache the config values in memory, AWS parameter store region.

Accessing Parameter values in code is similar to the accessing configuration values from appsettings.json using .NET SDK IConfiguration methods.

Is it possible to cache the config settings?

  • Yes. The above code snippet “AddSystemsManager“ function accepts a parameter for caching the values.

How does the caching works in Lambda?

  • Cached configuration values will be retained in the memory as long as the Lambda environment is retained by AWS.
  • For example: Fig1 shows that a lambda retains the old config value in local Cache for 15min even though the Config value had modified in Parameter Store. Refer Fig 1 & Fig 2 timestamps for comparison.
  • Fig 1: CloudWatch logs of a lambda.
  • Fig 2: Parameter Store Change History.

How to bust the cached value?

  • Use Lambda environment variable to burst the cache as shown below. If you want to reload the config value change the “reload“ environment variable value to “true“.

2nd Approach:

  • Add another SSM path with an expiration time of 2seconds for refreshing the configuration values.
  • The SSM path has following key & value.
  • You can use above “Refresh” config value as shown below to reload the config settings.

How encrypt the sensitive data?

  • We can use the KMS keys to encrypt sensitive data.
  • Only user/roles has access to the KMS key can decrypt the value.
  • It can incur additional changes. Refer Price Calculator to estimate the cost.

How many Transactions are supported (Scalability)?

  • AWS Systems Manager Parameter Store now supports up to 1,000 requests per second.
  • You can enable higher throughput if the above TPS does not meet your requirement.
  • Higher throughput may incur additional changes. Refer Price Calculator to estimate the cost.
  • Reference

How many parameters can be stored per region, per account?

  • 10000 can be supported.
  • Use SSM advance parameter store if your requirement is > 10000 config
  • Advanced parameters supports 100,000 params.
  • Reference

Complete code is available here

Lambda
Net Core 3
Aws Parameter Store
Cache
Cache Invalidation

--

--

Srikar Gandhi
Srikar Gandhi

Written by Srikar Gandhi

31 Followers
44 Following

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams