38.5 Refactoring Configuration to run in EC2 and PC with configured AWS credentials (#38)

2021-09-29 22:34:34 +03:00
parent 75bec1802e
commit cc44da8452
3 changed files with 28 additions and 18 deletions
--- a/README.md
+++ b/README.md
@ -529,4 +529,30 @@ systemctl restart docker
 3.  Create ApplicationListener<ApplicationPreparedEvent>    
 4.  Add the new application listener to the `spring.factories` file in the folder `src/main/resources/META-INF`    
 5.  Test locally -> works    
+ 
+#####  38.5 Refactoring Configuration to run in EC2 and PC with configured AWS credentials
+
+1.  Get rid of `Access key ID` and `Secret access key`
+    -  on PC we have configured credentials for AWS-CLI
+    -  ~/.aws/credentials -> 
+        -  `[default]`
+        -  `aws_access_key_id = AK...CY`
+        -  `aws_secret_access_key = Fk...30`
+2.  For EC2 attach IAM Role that allow access to S3 and Security Manager
+    -  EC2 -> Instances -> `docker-ec2` -> Actions -> Security -> Modify IAM Role
+    -  Create New IAM Role
+        -  Use Case:
+            -  EC2
+            -  Allows EC2 instances to call AWS services on your behalf.
+        -  Attach permissions policies
+            -  SecretsManagerReadWrite
+            -  AmazonS3FullAccess
+        -  Name:  `ec2-services-role`                 
+    -  Save
+3.  Deploy
+4.  Test -> OK
+
+
+
+
    
--- a/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/AmazonConfig.java
+++ b/support-portal-backend/src/main/java/net/shyshkin/study/fullstack/supportportal/backend/config/AmazonConfig.java
@ -1,11 +1,7 @@
 package net.shyshkin.study.fullstack.supportportal.backend.config;

-import com.amazonaws.auth.AWSCredentials;
-import com.amazonaws.auth.AWSStaticCredentialsProvider;
-import com.amazonaws.auth.BasicAWSCredentials;
 import com.amazonaws.services.s3.AmazonS3;
 import com.amazonaws.services.s3.AmazonS3ClientBuilder;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
@ -15,16 +11,7 @@ import org.springframework.context.annotation.Profile;
 public class AmazonConfig {

    @Bean
-    public AmazonS3 s3(@Value("${app.amazon-s3.access-key}") String accessKey,
-                       @Value("${app.amazon-s3.secret-key}") String secretKey,
-                       @Value("${app.amazon-s3.region}") String region) {
-
-        AWSCredentials awsCredentials =
-                new BasicAWSCredentials(accessKey, secretKey);
-        return AmazonS3ClientBuilder
-                .standard()
-                .withRegion(region)
-                .withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
-                .build();
+    public AmazonS3 s3() {
+        return AmazonS3ClientBuilder.defaultClient();
    }
 }
--- a/support-portal-backend/src/main/resources/application.yml
+++ b/support-portal-backend/src/main/resources/application.yml
@ -135,9 +135,6 @@ spring:
      on-profile: image-s3
 app:
  amazon-s3:
-    access-key: ${AMAZON_S3_ACCESS_KEY}
-    secret-key: ${AMAZON_S3_SECRET_KEY}
-    region: eu-north-1
    bucket-name: portal-user-profile-images