Data key caching example - AWS Encryption SDK

Data key caching example

This example uses data key caching with a local cache to speed up an application in which data generated by multiple devices is encrypted and stored in different Regions.

In this scenario, multiple data producers generate data, encrypt it, and write to a Kinesis stream in each Region. AWS Lambda functions (consumers) decrypt the streams and write plaintext data to a DynamoDB table in the Region. Data producers and consumers use the AWS Encryption SDK and an AWS KMS master key provider. To reduce calls to KMS, each producer and consumer has their own local cache.

You can find the source code for these examples in Java and Python. The sample also includes a AWS CloudFormation template that defines the resources for the samples.


      This diagram shows how data producers and consumers use the AWS KMS, Amazon Kinesis Data Streams, and
        Amazon DynamoDB.

Local cache results

The following table shows that a local cache reduces the total calls to KMS (per second per Region) in this example to 1% of its original value.

Requests per second per client Clients per region Average requests per second per region
Generate data key (us-west-2) Encrypt data key (eu-central-1) Total (per region)
No cache 1 1 1 500 500
Local cache 1 rps / 100 uses 1 rps / 100 uses 1 rps / 100 uses 500 5
Requests per second per client Client per region Average requests per second per region
Decrypt data key Producers Total
No cache 1 rps per producer 500 500 2 1,000
Local cache 1 rps per producer / 100 uses 500 5 2 10