]> git.cworth.org Git - turbot/commitdiff
projects / turbot / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b999fd0)
Cache SSM parameter values into environment variables
authorCarl Worth <cworth@cworth.org>
Fri, 23 Oct 2020 12:54:27 +0000 (05:54 -0700)
committerCarl Worth <cworth@cworth.org>
Fri, 23 Oct 2020 13:26:19 +0000 (06:26 -0700)
The goal here is to reduce SSM parameter reads/writes. Hopefully, as
AWS reuses a container for multiple calls to our Lambda function,
these values can be read from the environment instead of needing to
reach out to AWS.

The reason we want to reduce calls to SSM functions in that AWS Free
Tier gives us only 20,000 KMS requests compared to 1,000,000 AWS
Lambda requests.

turbot_lambda/turbot_lambda.py patch | blob | history

diff --git a/turbot_lambda/turbot_lambda.py b/turbot_lambda/turbot_lambda.py
index 4074d7732d3fee7d20aa49b402e682aab2aa9011..7d8ac4d917cbd46dd148296397ce51ac18e7e1e0 100644 (file)
--- a/turbot_lambda/turbot_lambda.py
+++ b/turbot_lambda/turbot_lambda.py
@@ -5,6 +5,7 @@ import boto3
 import requests
 import json
 import pickle
+import os
 from types import SimpleNamespace
 from google.auth.transport.requests import Request
 from googleapiclient.discovery import build
@@ -17,14 +18,24 @@ ssm = boto3.client('ssm')
 # Note: Late import here to have the environment variable above available
 from turbot.slack import slack_is_valid_request # noqa
 
-response = ssm.get_parameter(Name='SLACK_BOT_TOKEN', WithDecryption=True)
-slack_bot_token = response['Parameter']['Value']
+if 'SLACK_BOT_TOKEN' in os.environ:
+    slack_bot_token = os.environ['SLACK_BOT_TOKEN']
+else:
+    response = ssm.get_parameter(Name='SLACK_BOT_TOKEN', WithDecryption=True)
+    slack_bot_token = response['Parameter']['Value']
+    os.environ['SLACK_BOT_TOKEN'] = slack_bot_token
 slack_client = WebClient(slack_bot_token)
 
-response = ssm.get_parameter(Name='GSHEETS_PICKLE_BASE64', WithDecryption=True)
-gsheets_pickle_base64 = response['Parameter']['Value']
+if 'GSHEETS_PICKLE_BASE64' in os.environ:
+    gsheets_pick_base64 = os.environ['GSHEETS_PICKLE_BASE64']
+else:
+    response = ssm.get_parameter(Name='GSHEETS_PICKLE_BASE64',
+                                 WithDecryption=True)
+    gsheets_pickle_base64 = response['Parameter']['Value']
+    os.environ['GSHEETS_PICKLE_BASE64'] = gsheets_pickle_base64
 gsheets_pickle = base64.b64decode(gsheets_pickle_base64)
 gsheets_creds = pickle.loads(gsheets_pickle)
+
 if gsheets_creds:
     if gsheets_creds.valid:
         print("Loaded valid GSheets credentials from SSM")
@@ -34,6 +45,7 @@ if gsheets_creds:
         gsheets_pickle_base64_bytes = base64.b64encode(gsheets_pickle)
         gsheets_pickle_base64 = gsheets_pickle_base64_bytes.decode('us-ascii')
         print("Storing refreshed GSheets credentials into SSM")
+        os.environ['GSHEETS_PICKLE_BASE64'] = gsheets_pickle_base64
         ssm.put_parameter(Name='GSHEETS_PICKLE_BASE64',
                           Type='SecureString',
                           Value=gsheets_pickle_base64,
A Slack app for Halibut That Bass