I am new to AWS and Spring Cloud. I have accomplished a simple AWS Java Application where the AWS credentials are stored in ~/.aws/credentials file. It works just fine. I moved to a new project in Spring Boot and Spring Cloud. I would like to continue using the ~/.aws/credential that I have set up for the Java application. However, I have not been able to find a way to load the credentials from the credentials file. I had to move the access key and secret key to the aws-config.xml.
<aws-context:context-credentials>
<aws-context:simple-credentials access-key="${accessKey:}" secret-key="${secretKey:}"/>
<aws-context:context-resource-loader/>
When I accomplished this, the Spring Boot and Spring Cloud application worked fine. However, keeping the information in the xml file is not the safest way because I am using GitHub.
Can someone point me in the direction whereby I can pull the information from the ~/.aws/credentials file into Spring Boot /Spring Cloud using Maven?
Thank you for taking the time reading my post.
Russ
try below settings
cloud:
aws:
credentials:
instanceProfile: false
useDefaultAwsCredentialsChain: false
profileName: <name>
profilePath: ${user.home}/.aws/credentials
Instance Profile sounds like the right option!
It's a IAM-role that lives on instances, without the need to hardcode credentials in code.
Spring Cloud's Maven setup guide :)
Related
So the title says pretty much it all. I have a spring-boot based Microservices and I need to supply everything which usually goes to application.properties via AWS AppConfig. How can I do this? I've created a sample project, but how can I do this for the database URL?
If I had correctly understand the question then you need to configure the application properties through the AWS Config. On high level, AWS Config has Configuration Profile where you can store the configurations. The config profile can be in YML, JSON or text document format. Here is the official documentation of AWS config.
Is there any way to decrypt encrypted properties in Spring Cloud config Server in other projects?
For example, I want to decrypt "test" = "{chip}asdasdasd" without using the crypto endpoint of the spring cloud server.
Thank you in advance for your reply.
If you are using Spring Boot application as a client, it's easy, just add
encrypt:
key: your_key
to bootsrap.yaml and Spring will handle everything else.
Problems appear when you have other clients.
Then you can try to find some libraries or create your own: Example for TypeScript
I'm using the Azure key vaults just follow this doc.
and spring cloud config server ,
i put the configurations of key vaults in spring cloud config
but found out when application start, the Azure key vaults is load before spring cloud config
so means i can not get the azure configs in spring cloud.
is there a way to change the load sequence?
make the spring cloud configs load in firstly
I have been using the Spring cloud Service connectors for Pivotal cloud foundry for a long time which gets the connection details from the VCAP_SERVICES env variable. Now we have a requirement to read these credentials from Vault . I am just curious , Can I still continue to use the Service binding approach with spring cloud connector ? I would assume we don't want to expose these credentials from vault to an VCAP_SERVICES variable which defeat the purpose of the vault. Has there been any enhancements in Spring cloud connectors to read the credentials directly from Vault rather than depending the VCAP_SERVICES env variable or should I resort back to the Spring boot's default Application Properties based approach instead of the service binding approach using cloud connectors ?
The Spring Cloud Connectors project is now in maintenance mode, in favor of the newer Java CFEnv project. However, Java CFEnv is also very specific to Cloud Foundry's VCAP_SERVICES model of exposing service bindings and won't help you if the service connection info is in Vault.
I would suggest that you fall back to the Spring Boot properties-based approach using Spring Cloud Vault or Spring Cloud Config Server's Vault integration to automate fetching the properties from Vault and making them available as Spring Boot properties.
I am looking for a simple working demo of integrating Spring cloud to access AWS SQS. I found few samples online but having hard time running this at locally (not on EC2) as its hard to inject required dependencies manually on local run.
Sorry this is a little old, but hopefully it will help someone out there.
I used this example to get my Spring Boot application to receive messages from Amazon SQS. It worked almost perfectly using Spring Boot 1.3 and Spring Framework 4.2, so I won't bother copying what is already written there.
The only thing I did differently was that I put my AWS credentials into my project's .yml file, like so:
# In src/main/resources/application.yml
cloud:
aws:
credentials:
accessKey: ABCDEFGHIJKLMNOPQRSTUVQXYZ
secretKey: aBigSecretKey
region:
auto: true
stack:
auto: false
The AmazonSqsAsync client auto-authenticates using these provided properties, so you don't have to worry about any of the steps of the authentication process. All you have to do is drop these properties into the file, and you're good to go :)
Hope this helps.
you could find a sample with current(spring-boot:2.4) version here Ryanair guides-awspring-localstack-sqs