Can AWS Lambda securely unlock the vault to authenticate your ever-scaling ECS applications, or is there a more scalable way?

Question:

In the example provided by Vault, the response wrapping involves spinning up Jenkins runners on demand. However, in our architecture, we deploy applications on Amazon ECS (Elastic Container Service), and the CI/CD process dynamically updates the cluster, resulting in variable numbers of server instances. Given that AWS Lambda has a limit of 1000 concurrent executions, we are concerned about its scalability for authentication in this environment.

  1. Can AWS Lambda effectively serve as a trusted authenticator for our dynamic ECS-based architecture, ensuring secure access to Vault secrets for our applications?

  2. Are there alternative authentication architectures that can better accommodate our dynamic scaling requirements and provide a secure approach for authenticating ECS-based applications with Vault, especially considering potential limitations with Lambda’s concurrency?
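The property the question is really asking about, whichever component plays the trusted authenticator, is that the bootstrap secret can be redeemed exactly once within a short window, so a task can tell whether its credential was intercepted in transit. The script below is an added example, not code from the asker or from Vault; it models response wrapping with an in-memory stand-in for the wrapping service (`ToyVault`, `trusted_authenticator`, `ecs_task_bootstrap` and all task identifiers are constructed names, and the 60-second TTL is an assumed value), so it runs offline and shows the single-use and expiry checks that a real Vault unwrap enforces.

```python
"""Toy model of Vault-style response wrapping (not the Vault API).

A trusted authenticator (the Lambda role in the question) hands each new ECS
task a single-use, short-lived wrapping token instead of the SecretID itself.
The task unwraps it once; a second unwrap or a late unwrap fails, which is
how the task detects that the secret was intercepted or replayed in transit.
All names, TTLs and identifiers here are constructed for the example.
"""
import secrets
import time
from dataclasses import dataclass

WRAP_TTL_SECONDS = 60  # constructed value; real wrap TTLs are chosen per request


class WrapError(Exception):
    """Raised when a wrapping token cannot be redeemed."""


@dataclass
class _Wrapped:
    created_at: float
    ttl: int
    payload: dict
    used: bool = False


class ToyVault:
    """In-memory stand-in for a wrapping/unwrapping service (assumption)."""

    def __init__(self, clock=time.time):
        self._store: dict[str, _Wrapped] = {}
        self._clock = clock  # injectable so the expiry path can be exercised

    def wrap(self, payload: dict, ttl: int = WRAP_TTL_SECONDS) -> str:
        token = secrets.token_urlsafe(24)  # high-entropy, unguessable handle
        self._store[token] = _Wrapped(self._clock(), ttl, payload)
        return token

    def unwrap(self, token: str) -> dict:
        entry = self._store.get(token)
        if entry is None:
            raise WrapError("unknown wrapping token")
        if entry.used:
            raise WrapError("wrapping token already used: possible interception")
        if self._clock() - entry.created_at > entry.ttl:
            raise WrapError("wrapping token expired")
        entry.used = True  # single use: mark before handing out the payload
        return entry.payload


def trusted_authenticator(vault: ToyVault, task_id: str) -> str:
    """Authenticator-side step: mint a per-task SecretID and return it wrapped."""
    secret_id = secrets.token_hex(16)  # stands in for an AppRole SecretID
    return vault.wrap({"task_id": task_id, "secret_id": secret_id})


def ecs_task_bootstrap(vault: ToyVault, wrap_token: str, task_id: str) -> str:
    """Task-side step: redeem the wrapping token exactly once."""
    payload = vault.unwrap(wrap_token)
    if payload.get("task_id") != task_id:
        raise WrapError("wrapped secret was issued for a different task")
    return payload["secret_id"]


def replay_is_detected(task_id: str = "task-0001") -> bool:
    """True if a second redemption of the same token is refused."""
    vault = ToyVault()
    token = trusted_authenticator(vault, task_id)
    first = ecs_task_bootstrap(vault, token, task_id)  # legitimate first use
    assert len(first) == 32  # 16 random bytes, hex-encoded
    try:
        ecs_task_bootstrap(vault, token, task_id)  # replay attempt
    except WrapError:
        return True
    return False


def expiry_is_enforced(task_id: str = "task-0002") -> bool:
    """True if a token older than its TTL is refused."""
    now = [1_000.0]  # constructed fake clock
    vault = ToyVault(clock=lambda: now[0])
    token = trusted_authenticator(vault, task_id)
    now[0] += WRAP_TTL_SECONDS + 1
    try:
        ecs_task_bootstrap(vault, token, task_id)
    except WrapError:
        return True
    return False


def wrong_task_is_refused() -> bool:
    """True if a token minted for one task cannot be redeemed by another."""
    vault = ToyVault()
    token = trusted_authenticator(vault, "task-0003")
    try:
        ecs_task_bootstrap(vault, token, "task-9999")
    except WrapError:
        return True
    return False


if __name__ == "__main__":
    print("replay detected:", replay_is_detected())
    print("expiry enforced:", expiry_is_enforced())
    print("wrong task refused:", wrong_task_is_refused())
```

The design point is that the authenticator never sees or stores the SecretID after wrapping it, and the task fails closed on a reused, expired or mismatched token; the same checks apply whether the trusted party is a Lambda function or another component, so the concurrency question in the post is about who issues the wrap, not about the protocol itself.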