In Java, Spring Cloud tools can help developers in so many ways. They may quickly construct common patterns in distributed systems with the help of contract testing, configuration management, circuit breakers, intelligent routing, micro-proxies, control buses, and short-lived microservices. Boilerplate patterns are produced during the coordination of distributed systems, and developers can easily set up services and applications that use those patterns by utilizing Spring Cloud.
In this article, we are going to create instance profile credentials by building a Spring Cloud application.
Step-by-Step Implementation of Instance Profile Credentials using Spring Cloud
Below are the steps to implement instance profile credentials using Spring Cloud.
Step 1: Maven Dependency
Maven users can utilize Spring Cloud AWS module dependencies directly by configuring the specific module. The Spring Cloud AWS module includes all the transitive dependencies of the Spring modules along with the Amazon SDK needed to operate the modules. The entire dependant setup will look like below.
<dependencies>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-aws-context</artifactId>
<version>{spring-cloud-version}</version>
</dependency>
</dependencies>
Step 2: Verification of EC2 Instance Profile Credentials Retrieval
Next, we need to confirm that the instance profile credentials can be retrieved by our EC2 instance. Enter the true instance profile role name in place of <InstanceProfileRoleName>.
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<InstanceProfileRoleName>
Step 3: Configure Spring Cloud Application
Now let’s look at our example use case. To enable instance profiles with Spring Boot, we must specify it as follows in our Spring Boot configuration file:
cloud.aws.credentials.instanceProfile=true
- When deploying this Spring Boot application in an EC2 instance, all clients will immediately try to access to AWS resources using the credentials from the instance profile.
- This is a result of Spring Cloud’s usage of the AWS SDK’s EC2ContainerCredentialsProviderWrapper.
- This will search the system for credentials in order of priority, and if it finds none, it will automatically end up looking for the credentials from the instance profile.
Step 4: Configure with an InstanceProfileCredentialsProvider
We can launch our own Amazon S3 instance if we need to declare that Spring Cloud should only use instance profiles. It can be published as a bean and configured using an InstanceProfileCredentialsProvider.
@Configuration public class AmazonS3Config {
/**
* Configures and provides an Amazon S3 client bean.
*
* @return An instance of the configured AmazonS3 client.
*/
@Bean
public AmazonS3 amazonS3()
{
// Using InstanceProfileCredentialsProvider to retrieve AWS credentials
InstanceProfileCredentialsProvider provider = new InstanceProfileCredentialsProvider( true );
// Building AmazonS3 client with the provided credentials
AmazonS3 amazonS3Client = AmazonS3ClientBuilder.standard()
.withCredentials(provider)
.build();
return amazonS3Client;
}
} |
Step 5: Connect to the S3 Bucket
Now that we have configured permanent credentials, we can connect to the S3 bucket using Spring Cloud as usual.
@Component public class SpringCloudS3Service
{ // Other class-level declarations
@Autowired
AmazonS3 amazonS3;
/**
* Creates an Amazon S3 bucket with the specified name.
*
* @param bucketName The name of the bucket to be created.
*/
public void createBucket(String bucketName)
{
// Log statement indicating the intention to create a bucket
// This log can be useful for debugging and auditing purposes
log.info( "Creating S3 bucket: {}" , bucketName);
// Actual bucket creation using the injected AmazonS3 client
amazonS3.createBucket(bucketName);
// Log statement indicating successful bucket creation
log.info( "S3 bucket '{}' created successfully" , bucketName);
}
} |
This is Instance Profile Credentials using Spring Cloud. In this article, we have learnt how to connect a simple Spring Cloud application to Amazon S3 bucket.