sherybedrock

Reputation: 121

How can I configure a Spring app to use an IAM role (running inside AWS ECS) on AWS and credentials in the dev env?

How do I configure a Spring Boot app to use an IAM role? Is the code below enough, or am I totally wrong?

    @Bean
    public AmazonS3 amazonS3Client() {
        return AmazonS3ClientBuilder.standard()
                .withCredentials(new AWSCredentialsProviderChain(
                        InstanceProfileCredentialsProvider.getInstance(),
                        new ProfileCredentialsProvider()))
                .build();
    }

Upvotes: 3

Views: 5238

Answers (2)

m.nguyencntt

Reputation: 943

I did as below and it's working fine. Don't use InstanceProfileCredentialsProvider.getInstance(), which is not working with me.

    @Bean
    public AmazonS3 getS3Client() {
        return AmazonS3ClientBuilder.standard()
                .withCredentials(DefaultAWSCredentialsProviderChain.getInstance())
                .withRegion(Regions.AP_SOUTHEAST_1)
                .build();
    }

Upvotes: 1
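The setup asked about in the question, as an added example that is not code from either answer: on ECS the task role is served by the container credentials endpoint rather than the EC2 instance metadata that `InstanceProfileCredentialsProvider` reads, so the sketch below selects `EC2ContainerCredentialsProviderWrapper` on AWS and a named profile on a developer machine, then logs the resolved identity at startup. Assumptions: the Spring profile names `aws` and `dev`, the credentials profile name `dev`, the region from the answer above, and `aws-java-sdk-sts` on the classpath.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;
import com.amazonaws.services.securitytoken.model.GetCallerIdentityRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;

@Configuration
public class AwsCredentialsConfig {
    private static final Logger log = LoggerFactory.getLogger(AwsCredentialsConfig.class);
    // Assumption: region taken from the answer above; change to your own.
    private static final Regions REGION = Regions.AP_SOUTHEAST_1;

    // On ECS: reads the task role from the container credentials endpoint,
    // falling back to the EC2 instance profile when not running in a task.
    @Bean
    @Profile("aws") // hypothetical Spring profile name
    public AWSCredentialsProvider ecsCredentials() {
        return new EC2ContainerCredentialsProviderWrapper();
    }

    // On a developer machine: named profile from ~/.aws/credentials.
    @Bean
    @Profile("dev") // hypothetical Spring profile name
    public AWSCredentialsProvider devCredentials() {
        return new ProfileCredentialsProvider("dev"); // hypothetical profile name
    }

    @Bean
    public AmazonS3 amazonS3(AWSCredentialsProvider credentials) {
        // Log the resolved identity ARN (not a secret) so a wrong role is visible at startup.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
                .withCredentials(credentials).withRegion(REGION).build();
        log.info("AWS calls will run as {}",
                sts.getCallerIdentity(new GetCallerIdentityRequest()).getArn());
        return AmazonS3ClientBuilder.standard()
                .withCredentials(credentials).withRegion(REGION).build();
    }
}
```

With neither Spring profile active no `AWSCredentialsProvider` bean exists and the context fails to start, so the application never falls back to an unintended credential source. `GetCallerIdentity` needs no IAM permission, only network reach to the STS endpoint.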

Ram

Reputation: 373

Use STSAssumeRole to achieve this:

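    @Value("${my.aws.assumeRoleARN:}")
    private String assumeRoleARN;

    @Bean
    @Primary
    public AWSCredentialsProvider awsCredentialsProvider() {
        // Assumed base credentials for the STS call: the SDK default chain
        // (env vars, profile file, ECS task role or instance profile).
        AWSCredentialsProvider baseProvider = DefaultAWSCredentialsProviderChain.getInstance();
        if (StringUtils.isNotEmpty(assumeRoleARN)) {
            log.info("Assuming role {}", assumeRoleARN);
            AWSSecurityTokenService stsClient = AWSSecurityTokenServiceClientBuilder.standard()
                    .withClientConfiguration(clientConfiguration())
                    .withCredentials(baseProvider)
                    .build();

            // "role" is the session name given to the assumed-role session.
            return new STSAssumeRoleSessionCredentialsProvider
                    .Builder(assumeRoleARN, "role")
                    .withStsClient(stsClient)
                    .build();
        }
        // No role ARN configured: use the base credentials directly.
        return baseProvider;
    }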

    @Bean
    @ConfigurationProperties(prefix = "aws.configuration")
    public ClientConfiguration clientConfiguration() {
        return new ClientConfiguration();
    }

    @Bean
    @Primary
    public AmazonS3 amazonS3() {
        return AmazonS3ClientBuilder.standard().
                withCredentials(awsCredentialsProvider()).
                withClientConfiguration(clientConfiguration()).
                build();
    }

Upvotes: 3
