Introducing pre-fetching and IAM role assumption for AWS Secrets Manager Agent
AWS has enhanced its Secrets Manager Agent with two new capabilities designed to improve performance and security for applications that rely on stored secrets. The service now supports pre-fetching secrets at startup, allowing developers to specify lists of secrets or tag values to retrieve and cache when the agent initializes. This enhancement leverages the BatchGetSecretValue API to reduce application startup latency and optimize costs by eliminating the need for sequential secret retrieval calls.
The update also introduces IAM role assumption functionality, enabling the agent to assume specified roles for secret retrieval operations. This capability supports cross-account secret access by allowing the agent to assume roles in different AWS accounts, simplifying multi-account architectures. Organizations can now pass role ARNs either in pre-fetch configurations or in direct HTTP requests, providing more granular control over secret access permissions.
These improvements address common operational challenges in enterprise environments where applications require multiple secrets during initialization. A microservice needing 20 secrets at startup, for example, can now retrieve them in a single batch operation rather than making individual API calls. The enhancements are available across all AWS regions where Secrets Manager operates. They eliminate the need for custom pre-loading logic and strengthen security posture through role-based access controls.
Why It Matters
These enhancements address critical pain points in cloud-native application deployment, particularly around startup performance and multi-account secret management. The pre-fetching capability directly tackles latency issues that can significantly impact application scaling and user experience, while the IAM role assumption feature simplifies complex enterprise architectures where secrets need to be shared across account boundaries. This positions AWS Secrets Manager as a more comprehensive solution for enterprise secret management, potentially reducing the need for third-party tools like HashiCorp Vault in certain use cases.
This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.