Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid AWS rate-limits #79

Merged
merged 3 commits into from
Mar 16, 2018
Merged

Avoid AWS rate-limits #79

merged 3 commits into from
Mar 16, 2018

Conversation

djrodgerspryor
Copy link
Contributor

Fix for: #76

The SSM DescribeParameters API has very aggressive rate-limits because it's only meant for manual cli-usage. This can lead to significant delays or timeout errors when using chamber exec/export simultaneously in several places (eg. when starting a whole lot of processes in production).

Chamber uses the DescribeParameters API to find parameters by prefix (eg. 'myservice.*') when listing parameters. There's no better API for this in the general case, but if using paths, AWS provides a GetParametersByPath API which is designed for production usage and has much higher rate-limits. Unlike DescribeParameters, GetParametersByPath only returns parameter names and values; it does not include any metadata (eg. createdOn timestamps).

This PR separates the use-cases of listing parameter metadata (just for the list command) and listing parameter values (for exec and export commands). It then utilises the GetParametersByPath API for the values-only commands IFF usePaths is true.

Since the GetParametersByPath API requires a new permission, chamber will now gracefully fall-back to the old DescribeParameters implementation, but it will log a deprecation warning about the need for a new permission.

At StileEducation, we've been using a fork with the GetParametersByPath code for a week or so now with no problems. It's totally eradicated the rate-limiting issues which were previously preventing us from deploying chamber.

This doesn't fix the rate-limiting problem for anyone who's not using paths, but there's no good way to do that with the given AWS APIs. The best option would be to call GetParametersByPath on the path '/', then filter the results locally, but that could be really slow for some use-cases; it's not an obvious win like this change is.

The best long-term solution is probably to move to using paths as the preferred convention, in-line with the design of the AWS APIs.

Which returns secret keys and values, but *not* metadata. Use it for the production-like commands — exec and export — which don't need the metadata.

Currently it's just a wrapper around List, which uses the AWS DescribeParameters API and thus has access to all of the metadata. Because that API is intended for CLI (not production) usage, it has very strict rate-limits. Separating-out the production usages with the new ListRaw API will allow us to use the AWS GetParametersByPath method instead, which only returns the keys and values, but has much higher rate-limits.
To avoid AWS throttling limits on DescribeParameters
So that anyone using paths who hasn't granted GetParametersByPath
permission can still use chamber they way they used-to. They'll
get a warning about the need to add the new permission, which will
also allow them to avoid rate-limits.
Copy link
Contributor

@dfuentes dfuentes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks so much for this. I think quite a few people are going to benefit from this change.

I believe the current plan is to do a major version bump soon where paths become the default, especially since there are compelling performance gains.

@dfuentes dfuentes merged commit 46acc29 into segmentio:master Mar 16, 2018
@nickatsegment nickatsegment mentioned this pull request Nov 13, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants