Calling aws secretsmanager update-secret in a loop (batch updates) #8392
Unanswered. dev-samples asked this question in Q&A. Replies: 0 comments
I am trying to batch automate updating of secrets in a loop but based on:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html
UpdateSecret: Each supported Region: 50 per second
and:
https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_update-secret.html
We recommend you avoid calling PutSecretValue or UpdateSecret at a sustained rate of more than once every 10 minutes. When you call PutSecretValue or UpdateSecret to update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes unlabeled versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you update the secret value more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.
It seems that in general you should avoid calling:
aws secretsmanager update-secret
in a loop - even with a sleep of a few seconds?
And regarding the multiple versions of a secret, I only see two versions (AWSPREVIOUS and AWSCURRENT). But maybe the above is related to some versioning not exposed in the web console?
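Added example, not part of the original post and not AWS's own code: versions with no staging label can be listed through the ListSecretVersionIds API with its IncludeDeprecated parameter, and this Python code counts them against the 100-version and 24-hour figures quoted from the documentation. The sample data and the `constructed-NNN` version IDs are constructed; `fetch_versions` assumes boto3 with configured credentials, and `<your-secret-id>` is a placeholder.

```python
from datetime import datetime, timedelta, timezone

def fetch_versions(secret_id, client=None):
    """Return every version of a secret, including those with no staging label."""
    if client is None:
        import boto3  # lazy import: the summary below also runs offline
        client = boto3.client("secretsmanager")
    versions, kwargs = [], {"SecretId": secret_id, "IncludeDeprecated": True}
    while True:
        page = client.list_secret_version_ids(**kwargs)
        versions.extend(page.get("Versions", []))
        if not page.get("NextToken"):
            return versions
        kwargs["NextToken"] = page["NextToken"]

def summarize(versions, now=None):
    """Split versions into labeled and unlabeled, per the rule quoted above."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(hours=24)
    labeled, unlabeled = {}, []
    for v in versions:
        stages = v.get("VersionStages") or []
        for stage in stages:
            labeled[stage] = v["VersionId"]
        if not stages:
            unlabeled.append(v)
    under_24h = sum(1 for v in unlabeled if v["CreatedDate"] > cutoff)
    return {"labeled": labeled, "unlabeled": len(unlabeled),
            "unlabeled_under_24h": under_24h, "over_100_unlabeled": len(unlabeled) > 100}

def constructed_sample(now, count=150, minutes_apart=10):
    """Constructed data: one update every 10 minutes, newest first."""
    sample = []
    for i in range(count):
        v = {"VersionId": f"constructed-{i:03d}",
             "CreatedDate": now - timedelta(minutes=minutes_apart * i)}
        if i == 0:
            v["VersionStages"] = ["AWSCURRENT"]
        elif i == 1:
            v["VersionStages"] = ["AWSPREVIOUS"]
        sample.append(v)
    return sample

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(summarize(constructed_sample(now), now))
    # Against a real secret: summarize(fetch_versions("<your-secret-id>"))
```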