Introducing pre-fetching and IAM role assumption for AWS Secrets Manager Agent

AWS Secrets Manager Agent now supports two new capabilities: pre-fetching secrets at startup and assuming an IAM role to retrieve secrets. With pre-fetching, you can specify a list of secrets or a tag value to retrieve and cache at agent startup, reducing application startup latency and optimizing cost through the BatchGetSecretValue API. With IAM role assumption, you can pass a role ARN in your pre-fetch configuration or HTTP requests for secret retrieval. The agent assumes the specified role to retrieve secrets, enabling cross-account secret retrieval by assuming a role in a different account.

Together, these enhancements strengthen your security posture through role-based secret access and reduce operational overhead by eliminating custom pre-loading logic. For example, a microservice that requires 20 secrets at startup can now pre-fetch them in a single batch operation, cutting startup latency by avoiding sequential GetSecretValue calls. IAM role assumption also simplifies multi-account architectures by enabling you to specify a different IAM role per secret.

AWS Secrets Manager Agent with pre-fetching and IAM role assumption is supported in all AWS Regions where AWS Secrets Manager is offered. To learn more, visit the AWS Secrets Manager Agent documentation.    

Categories: general:products/aws-secrets-manager

Source: Amazon Web Services

Latest Posts