Instance Profile Credentials using Spring Cloud

1. Introduction

In this quick article, we’re going to build a Spring Cloud application that uses instance profile credentials to connect to an S3 bucket.

2. Provisioning Our Cloud Environment

Instance profiles are an AWS feature that allows EC2 instances to connect to other AWS resources with temporary credentials. These credentials are short-lived and are automatically rotated by AWS.

Users can only request temporary credentials from within EC2 instances. However, we can use these credentials from anywhere until they expire.

To get more help specifically on instance profile configuration, check out AWS’s documentation.

2.1. Deployment

First of all, we need an AWS environment that has the appropriate setup.

For the code sample below, we need to stand up an EC2 instance, an S3 bucket, and the appropriate IAM roles. To do this, we can use the CloudFormation template in the code sample or simply stand these resources up on our own.

2.2. Verification

Next, we should make sure our EC2 instance can retrieve instance profile credentials. Replace <InstanceProfileRoleName> with the actual instance profile role name:

curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<InstanceProfileRoleName>

If everything is setup correctly, then the JSON response will contain AccessKeyIdSecretAccessKeyToken, and Expiration properties.

3. Configuring Spring Cloud

Now, for our sample application. We need to configure Spring Boot to use instance profiles, which we can do in our Spring Boot configuration file:

cloud.aws.credentials.instanceProfile=true

And, that’s it! If this Spring Boot application is deployed in an EC2 instance, then each client will automatically attempt to use instance profile credentials to connect to AWS resources.

This is because Spring Cloud uses the EC2ContainerCredentialsProviderWrapper from the AWS SDK. This will look for credentials in priority order, automatically ending with instance profile credentials if it can’t find any others in the system.

If we need to specify that Spring Cloud only use instance profiles, then we can instantiate our own AmazonS3 instance.

We can configure it with an InstanceProfileCredentialsProvider and publish it as a bean:

@Bean
public AmazonS3 amazonS3() {
    InstanceProfileCredentialsProvider provider
      = new InstanceProfileCredentialsProvider(true);
    return AmazonS3ClientBuilder.standard()
      .withCredentials(provider)
      .build();
}

This will replace the default AmazonS3 instance provided by Spring Cloud.

4. Connecting to Our S3 Bucket

Now, we can connect to our S3 bucket using Spring Cloud as normal, but without needing to configure permanent credentials:

@Component
public class SpringCloudS3Service {

    // other declarations

    @Autowired
    AmazonS3 amazonS3;

    public void createBucket(String bucketName) {
        // log statement
        amazonS3.createBucket(bucketName);
    }
}

Remember that because instance profiles are only issued to EC2 instances, this code only works when running on an EC2 instance.

Of course, we can repeat the process for any AWS service that our EC2 instance connects to, including EC2, SQS, and SNS.

5. Conclusion

In this tutorial, we’ve seen how to use instance profile credentials with Spring Cloud. Also, we created a simple application that connects to an S3 bucket.

As always, the full source can be found over on GitHub.

Related posts:

Extract links from an HTML page
@Before vs @BeforeClass vs @BeforeEach vs @BeforeAll
Java Program to Solve any Linear Equations
Hướng dẫn Java Design Pattern – Null Object
Guide to the Fork/Join Framework in Java
Guide to Mustache with Spring Boot
Java Program to Implement Sieve Of Eratosthenes
Weak References in Java
Java Program to Check whether Graph is a Bipartite using BFS
Easy Ways to Write a Java InputStream to an OutputStream
Quick Guide to Spring MVC with Velocity
Generating Random Numbers in a Range in Java
OAuth2 for a Spring REST API – Handle the Refresh Token in AngularJS
Java Program to Implement Adjacency Matrix
Java Program to Check whether Undirected Graph is Connected using DFS
Java Program to Implement the String Search Algorithm for Short Text Sizes
Derived Query Methods in Spring Data JPA Repositories
Java Program to Find Transitive Closure of a Graph
The Spring @Controller and @RestController Annotations
Java Program to Find Path Between Two Nodes in a Graph
Date Time trong Java 8
Java Program to Implement RoleUnresolvedList API
Ways to Iterate Over a List in Java
Java Program to Implement Min Heap
Java Program to Implement Sorted Doubly Linked List
Java Program to Implement Traveling Salesman Problem using Nearest neighbour Algorithm
Tránh lỗi ConcurrentModificationException trong Java như thế nào?
Receive email using POP3
Handling Errors in Spring WebFlux
Hướng dẫn Java Design Pattern – Visitor
Spring Autowiring of Generic Types
Converting a Stack Trace to a String in Java