Data key caching example - AWS Encryption SDK

Data key caching example

This example uses data key caching with a local cache to speed up an application in which data generated by multiple devices is encrypted and stored in different Regions.

In this scenario, multiple data producers generate data, encrypt it, and write to a Kinesis stream in each Region. AWS Lambda functions (consumers) decrypt the streams and write plaintext data to a DynamoDB table in the Region. Data producers and consumers use the AWS Encryption SDK and an AWS KMS master key provider. To reduce calls to KMS, each producer and consumer has its own local cache.

You can find the source code for these examples in Java and Python. The sample also includes an AWS CloudFormation template that defines the resources for the samples.

This diagram shows how data producers and consumers use AWS KMS, Amazon Kinesis Data Streams, and Amazon DynamoDB.

Local cache results

The following table shows that a local cache reduces the total calls to KMS (per second per Region) in this example to 1% of its original value.

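Producer requests

| | Generate data key (us-west-2), requests per second per client | Encrypt data key (eu-central-1), requests per second per client | Total (per region), requests per second per client | Clients per region | Average requests per second per region |
|---|---|---|---|---|---|
| No cache | 1 | 1 | 1 | 500 | 500 |
| Local cache | 1 rps / 100 uses | 1 rps / 100 uses | 1 rps / 100 uses | 500 | 5 |

Consumer requests

| | Decrypt data key, requests per second per client | Producers, requests per second per client | Total, requests per second per client | Clients per region | Average requests per second per region |
|---|---|---|---|---|---|
| No cache | 1 rps per producer | 500 | 500 | 2 | 1,000 |
| Local cache | 1 rps per producer / 100 uses | 500 | 5 | 2 | 10 |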
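The producer rows of the table can be reproduced with a small model. This is an added example, not the sample's own code or the AWS Encryption SDK API: `StubKms`, `Producer`, `simulate` and their parameters are hypothetical names, and the KMS calls are constructed stubs that only count requests. It also reports how many messages end up protected by a single data key, which is the exposure the usage and age limits bound.

```python
import secrets


class StubKms:
    """Constructed stand-in for AWS KMS in one Region; it only counts requests."""
    def __init__(self):
        self.calls = {"GenerateDataKey": 0, "Encrypt": 0}

    def generate_data_key(self):
        self.calls["GenerateDataKey"] += 1
        return secrets.token_bytes(32)  # stub plaintext data key

    def encrypt(self, data_key):
        self.calls["Encrypt"] += 1
        return b"wrapped:" + secrets.token_bytes(16)  # placeholder, not real key wrapping


class Producer:
    """One data producer with its own local data key cache (assumed limits)."""
    def __init__(self, home_kms, remote_kms, max_messages=1, max_age=300.0):
        self.home_kms, self.remote_kms = home_kms, remote_kms
        self.max_messages, self.max_age = max_messages, max_age
        self.entry = None  # the single cached data key entry

    def materials(self, now):
        e = self.entry
        # Miss when empty, when the usage limit is reached, or when the key is too old.
        if e is None or e["uses"] >= self.max_messages or now - e["created"] >= self.max_age:
            key = self.home_kms.generate_data_key()   # us-west-2 in the table
            wrapped = self.remote_kms.encrypt(key)    # eu-central-1 in the table
            e = self.entry = {"key": key, "wrapped": wrapped, "created": now, "uses": 0}
        e["uses"] += 1
        return e["key"]


def simulate(clients=500, seconds=100, max_messages=1, max_age=300.0):
    """Each client encrypts one message per second.

    Returns (GenerateDataKey rps, Encrypt rps, most messages under one data key).
    """
    home, remote = StubKms(), StubKms()
    producers = [Producer(home, remote, max_messages, max_age) for _ in range(clients)]
    per_key = {}
    for t in range(seconds):
        for p in producers:
            k = p.materials(float(t))
            per_key[k] = per_key.get(k, 0) + 1
    return (home.calls["GenerateDataKey"] / seconds,
            remote.calls["Encrypt"] / seconds,
            max(per_key.values()))
```

With `max_messages=1` the model behaves as if there were no cache; raising it to 100 cuts the request rate to 1% while each data key then protects up to 100 messages, and a shorter `max_age` trades some of that saving back for earlier key rotation.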