DEV Community: Aman Kumar

Caching Patterns and Strategies for High-Traffic Applications

Aman Kumar — Sat, 03 Jan 2026 19:08:41 +0000

Caching is one of the most powerful techniques to improve application performance, scalability, and cost efficiency. Whether you’re building a microservice, API, or distributed system, choosing the right caching strategy can drastically improve response times and reduce backend load.

In this article, we’ll explore all major caching strategies, their use cases, pros & cons, and code examples

📌 What Is Caching?

Caching is the process of storing frequently accessed data in fast-access storage (like memory) so future requests can be served faster without hitting the database or external service.

🧠 Types of Caching Strategies

1️⃣ Cache-Aside (Lazy Loading)

🔹 How it works:

Application checks cache first.
If data is found → return it.
If not found → fetch from DB → store in cache → return.

📌 Flow:
Client → Cache → (miss) → Database → Cache → Client

🧠 Best for:

Read-heavy systems
Frequently accessed data
Microservices APIs

✅ Advantages:

Cache only stores necessary data
Simple to implement
No stale data until explicitly updated

❌ Disadvantages:

First request always slow
Cache miss penalty

💻 Example (Node.js + Redis):

const key = `user:${id}`;
let user = await redis.get(key);

if (!user) {
  user = await db.getUser(id);
  await redis.set(key, JSON.stringify(user), 'EX', 3600);
}

return JSON.parse(user);

2️⃣ Write-Through Cache

🔹 How it works:

Data is written to cache and database at the same time.

📌 Flow:
Write → Cache → Database Read → Cache

🧠 Best for:

Strong consistency requirements
Financial or transactional systems

✅ Advantages:

Cache always up-to-date
Simple reads

❌ Disadvantages:

Higher write latency

💻 Example:

await redis.set(key, value);
await db.save(value);

3️⃣ Write-Behind (Write-Back) Cache

🔹 How it works:

Write goes to cache immediately.
Database update happens asynchronously.

📌 Flow:
Write → Cache → (Async) → Database

🧠 Best for:

High write throughput systems
Analytics or logs

✅ Advantages:

Very fast writes

❌ Disadvantages:

Risk of data loss if cache crashes

4️⃣ Read-Through Cache

🔹 How it works:

Cache automatically loads data from DB if not present.

📌 Flow:
App → Cache (auto fetch DB on miss)

🧠 Best for:

Managed caching systems
Simplifying application logic

Example:

Used internally by Redis with cache loaders.

5️⃣ Write-Around Cache

🔹 How it works:

Writes go directly to DB
Cache only updated on read

📌 Flow:
Write → DB Read → Cache → DB (if miss)

🧠 Best for:

Write-heavy systems
Avoid polluting cache

❌ Downside:

Cache miss after write

6️⃣ Cache Invalidation

🔹 Strategies:

Time-based (TTL)
Manual eviction
Event-driven invalidation

Example:
redis.del(user:${id});

7️⃣ Distributed Cache

Used across multiple services or nodes.

Popular Tools:

Redis
Memcached
Amazon ElastiCache
Azure Redis Cache

Use Case:

Microservices
Session management
Rate limiting

8️⃣ CDN Caching

Caches static content at edge locations.

Best for:

Images
JS/CSS
Videos

Tools:

Cloudflare
AWS CloudFront
Azure CDN

9️⃣ Cache Eviction Policies

Policy Description
LRU Least Recently Used
LFU Least Frequently Used
FIFO First In First Out
TTL Time-based expiration

🔥 Real-World Architecture Example

Client ↓ API Gateway ↓ Redis Cache ↓ Database

Used in:

E-commerce
Chat apps
Banking dashboards
Analytics dashboards

🧪 Example: Redis + Node.js Cache Service

async function getUser(id) {
  const cacheKey = `user:${id}`;
  const cached = await redis.get(cacheKey);

  if (cached) return JSON.parse(cached);

  const user = await db.findUser(id);
  await redis.set(cacheKey, JSON.stringify(user), 'EX', 3600);
  return user;
}

🧠 When to Use Which Strategy?

Scenario Recommended Strategy
Read-heavy system Cache-aside
Financial apps Write-through
High-write apps Write-behind
Distributed systems Redis
Static assets CDN
Frequent updates Short TTL

🏁 Conclusion

Caching is not optional in modern systems — it’s essential.

Choose the strategy based on:

Data consistency needs
Read/write ratio
Latency tolerance
Failure tolerance

💡 A good caching strategy can improve performance by 10x or more.

AWS Secrets Manager: How to Set Up Secrets and Fetch Them in a Python Lambda

Aman Kumar — Fri, 19 Dec 2025 06:52:13 +0000

Managing sensitive information such as database passwords, API keys, and tokens is a critical part of building secure cloud applications. Hardcoding secrets in source code or configuration files is a common anti-pattern that leads to security vulnerabilities.

AWS Secrets Manager provides a secure, scalable, and auditable way to store and retrieve secrets dynamically at runtime. In this blog, we will cover:

What AWS Secrets Manager is
How to create and store secrets
IAM permissions required
How to fetch secrets in a Python AWS Lambda
Best practices

1. What Is AWS Secrets Manager?

AWS Secrets Manager is a managed service that helps you:

Securely store secrets (credentials, API keys, tokens)
Encrypt secrets using AWS KMS
Control access via IAM
Rotate secrets automatically (for supported services)
Retrieve secrets programmatically at runtime

Typical use cases:

Database credentials (RDS, Aurora)
Third-party API keys
JWT signing secrets
OAuth client secrets

2. Creating a Secret in AWS Secrets Manager

Step 1: Open AWS Secrets Manager

Navigate to Secrets Manager

Click Store a new secret

Step 2: Choose Secret Type

Select Other type of secret if you want to store custom values such as API keys.

Example (Key/Value pairs):
DB_USERNAME = admin DB_PASSWORD = StrongPassword@123 DB_HOST = mydb.cluster-xyz.us-east-1.rds.amazonaws.com

Secrets Manager stores these values as encrypted JSON.

Step 3: Configure Encryption

Choose the default AWS-managed KMS key

Select a customer-managed KMS key for stricter compliance

Step 4: Name the Secret

Give the secret a clear, environment-aware name:

myapp/dev/database myapp/staging/database myapp/prod/database

This naming strategy avoids accidental cross-environment access.

Step 5: Review and Create

Click Store. Your secret is now securely stored.

3. IAM Permissions for Lambda

Your Lambda function must have permission to read secrets.

IAM Policy Example

Attach this policy to the Lambda execution role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": "arn:aws:secretsmanager:us-east-1:123456789012:secret:myapp/dev/database*"
    }
  ]
}

Important:
Always scope the Resource to specific secrets instead of using "*".

4. Fetching Secrets in a Python Lambda

Step 1: Python Dependencies

AWS Lambda already includes:

boto3
botocore

No additional libraries are required.

Step 2: Python Code to Fetch Secrets

import json
import boto3
from botocore.exceptions import ClientError

def get_secret(secret_name, region_name="us-east-1"):
    client = boto3.client(
        service_name="secretsmanager",
        region_name=region_name
    )

    try:
        response = client.get_secret_value(SecretId=secret_name)
    except ClientError as e:
        raise RuntimeError(f"Unable to retrieve secret: {e}")

    # Secrets are usually stored as JSON strings
    if "SecretString" in response:
        return json.loads(response["SecretString"])
    else:
        # Binary secrets (rare case)
        return response["SecretBinary"]

Step 3: Using Secrets in Lambda Handler

def lambda_handler(event, context):
    secret_name = "myapp/dev/database"

    secrets = get_secret(secret_name)

    db_user = secrets["DB_USERNAME"]
    db_password = secrets["DB_PASSWORD"]
    db_host = secrets["DB_HOST"]

    # Example usage
    print(f"Connecting to DB at {db_host} with user {db_user}")

    return {
        "statusCode": 200,
        "body": "Secrets fetched successfully"
    }

5. Performance Consideration (Important)

Each call to GetSecretValue is a network call.

Recommended Optimization: Cache Secrets

Because Lambda execution environments are reused, you can cache secrets at module level:

_cached_secrets = None

def get_cached_secret(secret_name):
    global _cached_secrets
    if _cached_secrets is None:
        _cached_secrets = get_secret(secret_name)
    return _cached_secrets

This reduces latency and API calls significantly.

6. Environment-Based Secret Management

Use environment variables to control which secret is loaded:

SECRET_NAME = myapp/dev/database

import os

secret_name = os.environ["SECRET_NAME"]
secrets = get_cached_secret(secret_name)

This enables:

Same codebase across DEV / STAGE / PROD
Environment-specific secrets
Safer deployments

7. Security and Best Practices

Never hardcode secrets
Use least-privilege IAM policies
Use separate secrets per environment
Enable automatic rotation where supported
Cache secrets inside Lambda for performance
Log carefully—never log secret values
Prefer Secrets Manager over SSM Parameter Store for highly sensitive data