We’ve seen occasionally poor performance on the AWS EC2 Metadata API when using IAM roles at Intouch which got
me thinking. Why does the
aws-pdp-sdk need to hit the EC2 Metadata API during every request? Well, it turns out, it’s
simple. If you don’t explicitly give the sdk a cache interface, then it won’t use one!
If you pass an instance of the CacheInterface class through as your
credentials setting when you
instantiate the aws-sdk, it’ll use that interface to cache STS tokens returned via the metadata API when granting your
application permissions via either EC2 IAM Roles or ECS Task IAM Roles. Simple!
How has this worked for you? Found a problem? Let me know and open an issue!