38.5 Refactoring Configuration to run in EC2 and PC with configured AWS credentials (#38)
26
README.md
26
README.md
@ -529,4 +529,30 @@ systemctl restart docker
|
|||||||
3. Create ApplicationListener<ApplicationPreparedEvent>
|
3. Create ApplicationListener<ApplicationPreparedEvent>
|
||||||
4. Add the new application listener to the `spring.factories` file in the folder `src/main/resources/META-INF`
|
4. Add the new application listener to the `spring.factories` file in the folder `src/main/resources/META-INF`
|
||||||
5. Test locally -> works
|
5. Test locally -> works
|
||||||
|
|
||||||
|
##### 38.5 Refactoring Configuration to run in EC2 and PC with configured AWS credentials
|
||||||
|
|
||||||
|
1. Get rid of `Access key ID` and `Secret access key`
|
||||||
|
- on PC we have configured credentials for AWS-CLI
|
||||||
|
- ~/.aws/credentials ->
|
||||||
|
- `[default]`
|
||||||
|
- `aws_access_key_id = AK...CY`
|
||||||
|
- `aws_secret_access_key = Fk...30`
|
||||||
|
2. For EC2 attach IAM Role that allow access to S3 and Security Manager
|
||||||
|
- EC2 -> Instances -> `docker-ec2` -> Actions -> Security -> Modify IAM Role
|
||||||
|
- Create New IAM Role
|
||||||
|
- Use Case:
|
||||||
|
- EC2
|
||||||
|
- Allows EC2 instances to call AWS services on your behalf.
|
||||||
|
- Attach permissions policies
|
||||||
|
- SecretsManagerReadWrite
|
||||||
|
- AmazonS3FullAccess
|
||||||
|
- Name: `ec2-services-role`
|
||||||
|
- Save
|
||||||
|
3. Deploy
|
||||||
|
4. Test -> OK
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -1,11 +1,7 @@
|
|||||||
package net.shyshkin.study.fullstack.supportportal.backend.config;
|
package net.shyshkin.study.fullstack.supportportal.backend.config;
|
||||||
|
|
||||||
import com.amazonaws.auth.AWSCredentials;
|
|
||||||
import com.amazonaws.auth.AWSStaticCredentialsProvider;
|
|
||||||
import com.amazonaws.auth.BasicAWSCredentials;
|
|
||||||
import com.amazonaws.services.s3.AmazonS3;
|
import com.amazonaws.services.s3.AmazonS3;
|
||||||
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
|
import com.amazonaws.services.s3.AmazonS3ClientBuilder;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.context.annotation.Profile;
|
import org.springframework.context.annotation.Profile;
|
||||||
@ -15,16 +11,7 @@ import org.springframework.context.annotation.Profile;
|
|||||||
public class AmazonConfig {
|
public class AmazonConfig {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public AmazonS3 s3(@Value("${app.amazon-s3.access-key}") String accessKey,
|
public AmazonS3 s3() {
|
||||||
@Value("${app.amazon-s3.secret-key}") String secretKey,
|
return AmazonS3ClientBuilder.defaultClient();
|
||||||
@Value("${app.amazon-s3.region}") String region) {
|
|
||||||
|
|
||||||
AWSCredentials awsCredentials =
|
|
||||||
new BasicAWSCredentials(accessKey, secretKey);
|
|
||||||
return AmazonS3ClientBuilder
|
|
||||||
.standard()
|
|
||||||
.withRegion(region)
|
|
||||||
.withCredentials(new AWSStaticCredentialsProvider(awsCredentials))
|
|
||||||
.build();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
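Review bot: `AmazonS3ClientBuilder.defaultClient()` in `s3()` now resolves the region as well as the credentials from the environment, and the same commit drops `region: eu-north-1` from the `image-s3` profile, so a host with no region configured (no `AWS_REGION`, no profile region, no instance metadata) is likely to fail when this bean is created. The static keys can still go while the region stays explicit: keep the `@Value("${app.amazon-s3.region}") String region` parameter and the YAML key, and use `return AmazonS3ClientBuilder.standard().withRegion(region).build();`. Because the client now runs as whatever identity the default provider chain finds first, its effective permissions are those of the `ec2-services-role` described in the README; `AmazonS3FullAccess` and `SecretsManagerReadWrite` are broader than access to the single bucket `portal-user-profile-images`, so a policy scoped to that bucket and the secrets actually read would limit what a compromised instance can reach. A short Javadoc on `s3()` saying that it relies on the default chain (environment variables, `~/.aws/credentials`, instance profile) would make that precedence visible to maintainers.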
|
|||||||
@ -135,9 +135,6 @@ spring:
|
|||||||
on-profile: image-s3
|
on-profile: image-s3
|
||||||
app:
|
app:
|
||||||
amazon-s3:
|
amazon-s3:
|
||||||
access-key: ${AMAZON_S3_ACCESS_KEY}
|
|
||||||
secret-key: ${AMAZON_S3_SECRET_KEY}
|
|
||||||
region: eu-north-1
|
|
||||||
bucket-name: portal-user-profile-images
|
bucket-name: portal-user-profile-images
|
||||||
|
|
||||||
|
|
||||||
|
|||||||