It seems that the awsV4Signature() function is loaded as an axios request interceptor in @lifeomic/alpha, which (I think) means that the function is invoked on each request. Since a new instance of defaultProvider() is instantiated at https://github.com/LifeOmic/alpha/blob/master/src/interceptors/aws-v4-signature.ts#L68, each lambda call is re-instantiating those credentials - meaning, re-invoking the ECS container metadata endpoint, if loading from ECS (or EC2).
It would be better if @lifeomic/alpha instantiated defaultProvider() just one time and re-used the same credential provider in the interceptor.
e.g.
+const DEFAULT_CREDENTIAL_PROVIDER = defaultProvider();
const awsV4Signature: AlphaInterceptor = async (config) => {
...
const {
- credentials = defaultProvider(),
+ credentials = DEFAULT_CREDENTIAL_PROVIDER,See https://github.com/JupiterOne/sdk/pull/930/files#r1270091324
Also, I'd recommend setting default retries in the defaultProvider(), like so:
-const DEFAULT_CREDENTIAL_PROVIDER = defaultProvider();
+const DEFAULT_CREDENTIAL_PROVIDER = defaultProvider({ maxRetries: 3 });
It seems that the
awsV4Signature()function is loaded as an axios request interceptor in@lifeomic/alpha, which (I think) means that the function is invoked on each request. Since a new instance ofdefaultProvider()is instantiated at https://github.com/LifeOmic/alpha/blob/master/src/interceptors/aws-v4-signature.ts#L68, each lambda call is re-instantiating those credentials - meaning, re-invoking the ECS container metadata endpoint, if loading from ECS (or EC2).It would be better if
@lifeomic/alphainstantiateddefaultProvider()just one time and re-used the same credential provider in the interceptor.e.g.
See https://github.com/JupiterOne/sdk/pull/930/files#r1270091324
Also, I'd recommend setting default retries in the
defaultProvider(), like so: