How to send cached Secret Manager to RDSDataService

Hi , I understand you have an issue with the increase in your Secret Manager billing and you come across a caching solution which could assist with this. The documentation you shared is a client side caching and dependent on the application, for example if you have a Python application can make us of the caching python guidance [1].

Researching your issue I came across a Lambda caching solution which may be useful to you:- With Lambda a secret can be cached were the Lambda function needs access to Secrets Manager for reading a secret, the secret can get cached as part of the extension start up instead of being fetched as part of Lambda’s first request [2].

In addition, you may want to consider using AWS IAM to Authenticate to your DB instance or cluster instead of Secrets Manager, but it too has limitations [3].

I also advise you have a look at how Secret Manager is billed for better understanding on the API calls being made [4]. Lastly, as you mention it looks like you are being billed per SQL query, you may want to look into these executions and see how it can be narrowed down to only make API calls to Secrets Manager when required or for example fetch the Secrets First and store them in temporary location and run your queries from there.

[1] https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_cache-python.html

[2] https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/cache-secrets-using-aws-lambda-extensions.html

[3] https://docs.amazonaws.cn/en_us/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html#UsingWithRDS.IAMDBAuth.Limitations

[4] https://aws.amazon.com/secrets-manager/pricing/