Cache AWS credential provider when fetching KMS credentials

XMLWordPrintableJSON

    • 2
    • None
    • Hide

      Create a copy of the Kickoff Template with the issue key (NODE-XXX) in the filename and share a link to the new doc via this field.

      Show
      Create a copy of the Kickoff Template with the issue key (NODE-XXX) in the filename and share a link to the new doc via this field.
    • Not Needed
    • None
    • None
    • None
    • None
    • None
    • None

      Use Case

      As a FLE user using AWS on-demand credential fetching with temporary credentials
      I want the driver to cache the AWS credential provider,
      So that credential refresh is handled by the AWS sdk and new credentials are not fetched per-request.

      This issue was fixed for MongoDB AWS authentication in NODE-5616 but because we erroneously closed NODE-4234, the issue was not also fixed for KMS credential refresh.

      User Impact

      A user relying on AWS KMS credential refresh may see extra calls to the STS endpoint, potentially overloading the STS server.

      Dependencies

      None.

      Unknowns

      None.

      Acceptance Criteria

      Implementation Requirements

      • Update AWS KMS credential fetching in `aws.ts` to cache the AWS credential provider.
      • The provider should be initialized on-demand the first time AWS KMS credentials are requested.

      Testing Requirements

      • tbd - we don't have prose tests for this auth mechanism.

      Documentation Requirements

      None.

      Follow Up Requirements

      None.

              Assignee:
              Unassigned
              Reporter:
              Bailey Pearson
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: