AWS KMS for Swift and Secure Application Performance Metrics

Optimizing Performance Metrics for Large-scale Transaction Application using AWS KMS


Question

You work for a large bank and are tasked to build an application that allows 30 large customers to perform more than 1000 online transactions per second swiftly and collectively in the us-east-1 region.

The size of each transaction is around 5 KB.

Your manager has told you to ensure data is encrypted end-to-end, so you decide to use AWS KMS to meet your requirements.

While testing with the SDK, you see a ThrottlingException error.

How will you deliver the application with optimum performance metrics?

Answers

Explanations


Answer: B.

Option A is incorrect as sending the data to KMS for encryption doesn't meet the encryption requirement in transit and so can't be used.

Option B is CORRECT as LocalCryptoMaterialsCache is an in-memory cache that can be used to save data keys.

It is a configurable cache that can be configured to be more secure.

Option C is incorrect as increasing the quota will change the performance metrics of the application.

Option D is incorrect as it will not improve the process of encryption and decryption and will not change the performance metrics of the application.

Reference:

https://aws.amazon.com/blogs/security/aws-encryption-sdk-how-to-decide-if-data-key-caching-is-right-for-your-application/
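The effect of the data key caching described under option B can be seen in a small model. This is an added example, not code from the AWS Encryption SDK or from the original page: `StubKms`, `DataKeyCache` and `kms_calls` are hypothetical names, the KMS stand-in only counts calls, and 5 KB is assumed to mean 5 * 1024 bytes. It replays one second of the question's workload and shows how limits on key age, messages per key and bytes per key trade KMS request volume against how much data one key protects.

```python
import os

class StubKms:
    """Constructed stand-in for AWS KMS that only counts GenerateDataKey calls."""
    def __init__(self):
        self.calls = 0

    def generate_data_key(self):
        self.calls += 1
        return os.urandom(32)  # plaintext data key; the encrypted copy is omitted

class DataKeyCache:
    """Hypothetical in-memory cache: reuse one data key until a limit is hit."""
    def __init__(self, kms, max_age_ms, max_messages, max_bytes):
        self.kms = kms
        self.max_age_ms = max_age_ms
        self.max_messages = max_messages
        self.max_bytes = max_bytes
        self._key = None
        self._created = self._messages = self._bytes = 0

    def key_for(self, message_len, now_ms):
        stale = (
            self._key is None
            or now_ms - self._created >= self.max_age_ms
            or self._messages >= self.max_messages
            or self._bytes + message_len > self.max_bytes
        )
        if stale:  # fetch a fresh key and reset the usage counters
            self._key = self.kms.generate_data_key()
            self._created, self._messages, self._bytes = now_ms, 0, 0
        self._messages += 1
        self._bytes += message_len
        return self._key

def kms_calls(max_age_ms, max_messages, max_bytes, transactions=1000, size=5 * 1024):
    """Replay one second of the question's workload (one transaction per ms)."""
    kms = StubKms()
    cache = DataKeyCache(kms, max_age_ms, max_messages, max_bytes)
    for now_ms in range(transactions):
        cache.key_for(size, now_ms)
    return kms.calls

if __name__ == "__main__":
    big = 10**12  # effectively "no limit" for this run
    print("no reuse:       ", kms_calls(big, 1, big))
    print("100 msgs per key:", kms_calls(big, 100, big))
    print("100 ms max age:  ", kms_calls(100, big, big))
```

Tighter limits mean more KMS requests but less data exposed if a cached key is compromised, which is the security side of the configurability noted for option B.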

The ThrottlingException error occurs when you exceed the maximum rate or limit of a particular AWS service. In this case, it means that you are sending too many requests to AWS KMS and the service is throttling your requests to prevent overload.

To deliver the application with optimum performance metrics, you can consider the following options:

A. Send data directly to AWS KMS for encryption.

This option is not ideal because it means that you will be sending a large number of requests directly to AWS KMS, which may lead to the ThrottlingException error. Additionally, sending data directly to AWS KMS may not be the best option from a security perspective, as it means that you will need to manage encryption keys and potentially expose them to the client.

B. Use LocalCryptoMaterialsCache operation.

LocalCryptoMaterialsCache is a feature of the AWS SDK that allows you to cache encryption materials locally on the client. This can help reduce the number of requests made to AWS KMS, which may help reduce the likelihood of the ThrottlingException error. However, this option may not be suitable for all use cases, particularly those where encryption materials need to be rotated frequently.

C. Use RequestServiceQuotaIncrease operation.

RequestServiceQuotaIncrease is an operation that allows you to request an increase in the maximum rate or limit of a particular AWS service. If you are consistently hitting the ThrottlingException error, this option may be suitable for you. However, it's important to note that AWS may not always grant a request for a quota increase, so this option may not be a reliable solution.

D. Use AWS SQS to queue all requests made to AWS KMS.

Using AWS SQS to queue requests to AWS KMS can help reduce the likelihood of the ThrottlingException error by allowing you to control the rate at which requests are sent to AWS KMS. Additionally, using a message queue can help decouple the client from AWS KMS, which can help improve the scalability and reliability of the application.

In conclusion, option D - using AWS SQS to queue all requests made to AWS KMS - is the best option for delivering the application with optimum performance metrics.