Data key caching example

PDFRSS

This example uses data key caching with a local cache to speed up an application in which data generated by multiple devices is encrypted and stored in different Regions.

In this scenario, multiple data producers generate data, encrypt it, and write to a Kinesis stream in each Region. AWS Lambda functions (consumers) decrypt the streams and write plaintext data to a DynamoDB table in the Region. Data producers and consumers use the AWS Encryption SDK and an AWS KMS master key provider. To reduce calls to KMS, each producer and consumer has their own local cache.

You can find the source code for these examples in Java and Python. The sample also includes a AWS CloudFormation template that defines the resources for the samples.

Local cache results

The following table shows that a local cache reduces the total calls to KMS (per second per Region) in this example to 1% of its original value.

Producer requests

	Requests per second per client			Clients per region	Average requests per second per region
	Generate data key (us-west-2)	Encrypt data key (eu-central-1)	Total (per region)
No cache	1	1	1	500	500
Local cache	1 rps / 100 uses	1 rps / 100 uses	1 rps / 100 uses	500	5

Consumer requests

	Requests per second per client			Client per region	Average requests per second per region
	Decrypt data key	Producers	Total
No cache	1 rps per producer	500	500	2	1,000
Local cache	1 rps per producer / 100 uses	500	5	2	10