Tags: .net, aws-secrets-manager

Aws AWSSDK.SecretsManager.Caching - Lifetime of the client and the cache object


I am looking at using AWSSDK.SecretsManager.Caching to get some information in my .NET 8 project, and I will use BasicAWSCredentials(accessKey, secretKey) for my local dev instance and EC2 local credentials for the container instance. I am wondering about the lifetime of how long the cache should be instantiated, i.e. should the cache be a singleton that I inject, and if it is, do I need to worry about the client credentials object lifetime? Will this auto-reconnect if it disconnects? I have read a few articles about this and lots of AWS documentation but have not been able to find anything yet about this. Is the credential object fully managed by AWS so I don't need to think about this, and what are my options for handling this when the network is down? Thanks for any help.


Solution

  • I received this answer from my AWS Account manager:

    The AWS Secrets Manager client-side caching SDK library for .NET is designed to be thread-safe and to handle concurrent access efficiently, so the cache object should be instantiated as a singleton and shared across the application to maximise the benefits of caching and minimise the number of API requests to AWS Secrets Manager.

    You can find more information here (https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-client-side-caching-in-dotnet/) in this blog under "How Secrets Manager client-side caching library for .NET works". You don’t have to worry about client credentials object lifetime as the AWS SDK handles credential management internally, (see here (https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/creds-assign.html#net-dg-config-creds-saml), under using federated user account credentials). In terms of when the network is down, the SecretsManagerCache documentation doesn’t explicitly mention having retry logic, but general AWS SDK documentation (here (https://docs.aws.amazon.com/sdkref/latest/guide/feature-retry-behavior.html)) states that AWS SDKs typically implement automatic retry behaviours for requests made to AWS services.

    Otherwise, you might want to implement some additional error handling.

    Hope this helps someone :)
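Putting the answer above into a concrete .NET 8 wiring, as an added example that is not part of the question, the answer or the AWS library itself: the client and the `SecretsManagerCache` are each registered once as singletons, the development branch uses `BasicAWSCredentials` from environment variables while the container branch leaves credential resolution to the SDK's default chain, and a small wrapper keeps the last successfully read value so a refresh that fails while the network is down degrades gracefully instead of crashing. The region, the environment variable names, the secret name and the `SecretReader` class are assumptions for illustration; the `SecretsManagerCache`, `SecretCacheConfiguration` and `GetSecretString` names are the caching package's own, so check them against the package version you reference.

```csharp
// Program.cs for a .NET 8 minimal API (added example; not from the thread or from AWS).
// Assumes the AWSSDK.SecretsManager and AWSSDK.SecretsManager.Caching NuGet packages.
using System;
using System.Collections.Concurrent;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;
using Amazon;
using Amazon.Runtime;
using Amazon.SecretsManager;
using Amazon.SecretsManager.Extensions.Caching;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

var builder = WebApplication.CreateBuilder(args);

// One client for the whole process. Credential handling is internal to the SDK:
// on EC2/ECS the default chain resolves the instance or task role and refreshes
// those credentials as they rotate; locally we hand it explicit keys instead.
builder.Services.AddSingleton<IAmazonSecretsManager>(_ =>
{
    var config = new AmazonSecretsManagerConfig
    {
        RegionEndpoint = RegionEndpoint.EUWest1, // assumption: use your own region
        MaxErrorRetry = 3,                       // SDK retries for transient failures
    };

    if (builder.Environment.IsDevelopment())
    {
        // Assumed variable names; keys come from the environment, never from source control.
        var accessKey = Environment.GetEnvironmentVariable("DEV_AWS_ACCESS_KEY_ID")
                        ?? throw new InvalidOperationException("DEV_AWS_ACCESS_KEY_ID not set");
        var secretKey = Environment.GetEnvironmentVariable("DEV_AWS_SECRET_ACCESS_KEY")
                        ?? throw new InvalidOperationException("DEV_AWS_SECRET_ACCESS_KEY not set");
        return new AmazonSecretsManagerClient(new BasicAWSCredentials(accessKey, secretKey), config);
    }

    // In the container: no explicit credentials, so the default chain supplies the role credentials.
    return new AmazonSecretsManagerClient(config);
});

// The cache is thread-safe and meant to be shared, so it is a singleton as well.
builder.Services.AddSingleton(sp => new SecretsManagerCache(
    sp.GetRequiredService<IAmazonSecretsManager>(),
    new SecretCacheConfiguration
    {
        CacheItemTTL = 300_000, // milliseconds: refresh a cached value after 5 minutes
        MaxCacheSize = 1024,
    }));

builder.Services.AddSingleton<SecretReader>();

var app = builder.Build();

// Placeholder secret name; the endpoint only reports availability, never the value.
app.MapGet("/health/secret", async (SecretReader reader) =>
{
    var value = await reader.GetAsync("my-app/db-password");
    return value is null ? Results.StatusCode(503) : Results.Ok("secret available");
});

app.Run();

// Hypothetical wrapper: remembers the last value read successfully so that an
// outage during a refresh falls back to "use what we had" and is logged for monitoring.
public sealed class SecretReader(SecretsManagerCache cache, ILogger<SecretReader> log)
{
    private readonly ConcurrentDictionary<string, string> _lastKnownGood = new();

    public async Task<string?> GetAsync(string secretId, CancellationToken ct = default)
    {
        try
        {
            var value = await cache.GetSecretString(secretId, ct);
            _lastKnownGood[secretId] = value;
            return value;
        }
        catch (Exception ex) when (ex is AmazonServiceException or AmazonClientException or HttpRequestException)
        {
            // Log the secret id and the error only, never the secret value.
            log.LogWarning(ex, "Secrets Manager unreachable for {SecretId}; using last known value", secretId);
            return _lastKnownGood.TryGetValue(secretId, out var stale) ? stale : null;
        }
    }
}
```

The fallback deliberately lives outside the cache: the cache already avoids a round trip on every read, and the wrapper adds the one decision the thread leaves open, what to do when a refresh fails. Returning `null` (and a 503 here) when nothing has ever been read makes a cold-start outage visible rather than silently serving an empty secret.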