From 3f55f48bd1a209854aef278b7e70e663cda4ee9a Mon Sep 17 00:00:00 2001
From: Carl Worth <cworth@cworth.org>
Date: Fri, 23 Oct 2020 05:54:27 -0700
Subject: [PATCH] Cache SSM parameter values into environment variables

The goal here is to reduce SSM parameter reads/writes. Hopefully, as
AWS reuses a container for multiple calls to our Lambda function,
these values can be read from the environment instead of needing to
reach out to AWS.

The reason we want to reduce calls to SSM functions in that AWS Free
Tier gives us only 20,000 KMS requests compared to 1,000,000 AWS
Lambda requests.
---
 turbot_lambda/turbot_lambda.py | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/turbot_lambda/turbot_lambda.py b/turbot_lambda/turbot_lambda.py
index 4074d77..7d8ac4d 100644
--- a/turbot_lambda/turbot_lambda.py
+++ b/turbot_lambda/turbot_lambda.py
@@ -5,6 +5,7 @@ import boto3
 import requests
 import json
 import pickle
+import os
 from types import SimpleNamespace
 from google.auth.transport.requests import Request
 from googleapiclient.discovery import build
@@ -17,14 +18,24 @@ ssm = boto3.client('ssm')
 # Note: Late import here to have the environment variable above available
 from turbot.slack import slack_is_valid_request # noqa
 
-response = ssm.get_parameter(Name='SLACK_BOT_TOKEN', WithDecryption=True)
-slack_bot_token = response['Parameter']['Value']
+if 'SLACK_BOT_TOKEN' in os.environ:
+    slack_bot_token = os.environ['SLACK_BOT_TOKEN']
+else:
+    response = ssm.get_parameter(Name='SLACK_BOT_TOKEN', WithDecryption=True)
+    slack_bot_token = response['Parameter']['Value']
+    os.environ['SLACK_BOT_TOKEN'] = slack_bot_token
 slack_client = WebClient(slack_bot_token)
 
-response = ssm.get_parameter(Name='GSHEETS_PICKLE_BASE64', WithDecryption=True)
-gsheets_pickle_base64 = response['Parameter']['Value']
+if 'GSHEETS_PICKLE_BASE64' in os.environ:
+    gsheets_pick_base64 = os.environ['GSHEETS_PICKLE_BASE64']
+else:
+    response = ssm.get_parameter(Name='GSHEETS_PICKLE_BASE64',
+                                 WithDecryption=True)
+    gsheets_pickle_base64 = response['Parameter']['Value']
+    os.environ['GSHEETS_PICKLE_BASE64'] = gsheets_pickle_base64
 gsheets_pickle = base64.b64decode(gsheets_pickle_base64)
 gsheets_creds = pickle.loads(gsheets_pickle)
+
 if gsheets_creds:
     if gsheets_creds.valid:
         print("Loaded valid GSheets credentials from SSM")
@@ -34,6 +45,7 @@ if gsheets_creds:
         gsheets_pickle_base64_bytes = base64.b64encode(gsheets_pickle)
         gsheets_pickle_base64 = gsheets_pickle_base64_bytes.decode('us-ascii')
         print("Storing refreshed GSheets credentials into SSM")
+        os.environ['GSHEETS_PICKLE_BASE64'] = gsheets_pickle_base64
         ssm.put_parameter(Name='GSHEETS_PICKLE_BASE64',
                           Type='SecureString',
                           Value=gsheets_pickle_base64,
-- 
2.43.0