0

Currently we are having access key and secret access key stored in properties file and we are able to make all the Aws service calls, now we want to store access key and secret access key in ssm parameter store(we have been asked to store only in ssm not environment variable or system properties).

Plan is to create a bean during bean instantiation which returns AwsCredentialsProvider with the values read from Ssm, not able to find how to make a call to ssm if the access key and secret access key are stored in ssm itself

One way we have tried is, there is a lambda function which returns all these params in ssm(here also same doubt how we can call without credentials). For the above scenario there is a lambda authorizer but the token we will get once a req is made to backend and we don't want to hit lambda function everytime to get those params.

Would pls someone suggest any way to achieve this or any workaround?

Micro
  • 17
  • 3
  • Your best bet is to create an IAM policy that gives access to Secret Manager from wherever you're deploying your spring-boot jar to. See https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_examples.html – lane.maxwell Feb 03 '23 at 18:58
  • thanks for ur reply..@lane.maxwell. unfortunately team was saying that' not an option. would u pls take a look at this https://stackoverflow.com/questions/75368893. Once i get the credentials can i store it or register as @Bean so it will be there till next deployment. – Micro Feb 08 '23 at 03:12

0 Answers0