Secrets Manager API vs Lambda Extension: performance comparison
Table of Contents
More than one and half year ago AWS announced the launch of the AWS Parameters and Secrets Lambda Extension.
This extension allows you to retrieve secrets and parameters from AWS Secrets Manager and AWS Systems Manager, respectively, without using the APIs. By doing so, you can avoid the associated costs and the need to manage the caching of values manually.
The announcement claims that using these extensions instead of the APIs can improve performance and decrease costs.
To verify the accuracy of these claims, I decided to use AWS Lambda Power Tuning, specifically leveraging the comparison function provided by the UI tool.
Is it true that using Lambda Extensions will improve performance and decrease costs?
Let’s find out!
The tool for the test: AWS Lambda Power Tuning #
AWS Lambda Power Tuning is a user-friendly and opensource tool that helps you to improve the performance of your Lambda functions.
You simply specify the Lambda function you want to enhance and the memory values you want to test. Then, the tool runs multiple versions of your function with different memory settings. It measures their execution time and calculates the associated costs, providing insights into performance improvements.
You can find comprehensive documentation on how to deploy and execute AWS Lambda Power Tuning in the repo linked below.
AWS Lambda Power Tuning is an open-source tool that can help you visualize and fine-tune the memory/power configuration of Lambda functions. It runs in your own AWS account - powered by AWS Step Functions - and it supports three optimization strategies: cost, speed, and balanced.
The test #
For this test, I have created two lambdas:
getSecretWithSecretsManagerAPI
: it retrieves the secret using the Secrets Manager API (sdk v3).getSecretWithLambdaExtension
: it retrieves the secret using the Secrets Lambda Extension.
Both functions:
- Use
nodejs20.x
runtime - Use
arm64
architecture - Are deployed in
eu-west-1
region
To perform the test, I configured and executed an AWS Step Functions state machine. The state machine allowed me to specify memory values to allocate to the Lambda functions. I chose to run the state machine for memory values ranging from 128 MB to 3008 MB.
After running the state machine once for each Lambda function, I used the tool’s UI to compare the results.
The results #
The execution time for the lambda that retrieves the secret using the Secrets Manager API varies from 46 seconds with 128 MB to 24 seconds with 512 MB. Beyond 512 MB, the execution time remains more or less stable at 24 seconds.
On the other hand, the execution time for the lambda that retrieves the secret using Lambda Extension ranges from 23 milliseconds with 128 MB to 5 seconds with 512 MB. Beyond 512 MB, the execution time remains stable at around 5 seconds.
The test confirms the expectations: the lambda that retrieves the secret using Lambda Extension is always more performant and cheaper than the lambda that retrieves the secret using Secrets Manager API.
Below are two tables comparing the execution time and costs for the two functions.
On average, the Lambda function that uses Lambda Extension to retrieve the secret is 282% faster than the one using the Secrets Manager API.
On average, the Lambda that uses Lambda Extension to retrieve the secret is 271% cheaper than the one using Secrets Manager API.
Conclusions #
At the beginning of the article we aimed to answer to the question:
Is it true that using Lambda Extensions will improve performance and decrease costs?
The test show that yes, using Lambda Extension for retrieving secrets from Secrets Manager is consistently faster and more cost-effective across different memory configurations.
That’s all folks! 🚀
If you have questions or would like to provide feedback, email me at martina.theindiecoder@gmail.com.