Published in The KickStarter

How to make a Spring Boot microservice AWS ready

Managed services are the main reason why we choose a cloud over other ways of hosting. No one chooses AWS just to boot up an EC2 instance and run an Apache server on it. We want to reap the benefits of highly available cloud storage like S3 or a completely managed relational database through RDS. And every product needs some custom logic, which demands a room full of minions coding. These handcrafted applications, called microservices, need to communicate with all the other cloud components we have chosen in our architecture. Together they will create wonders which our rusty old monoliths running on-premise failed to do.

I am sure you may have spent a few sleepless nights torn between AWS and GCP. You are here, ‘Neo’, because you have chosen wisely. So the reason I write this story is to help you with the next big decision: how to integrate your Spring Boot microservice with AWS.

Why do we need to integrate our microservices with AWS?

If you don’t use any of the managed services of AWS then you are not doing cloud right. So eventually you will be using S3 or Simple Notification Service or Simple Queue Service to unleash the full potential of the cloud.

In all these cases you must authenticate your application and manage its permissions to allow or deny access to specific AWS managed services.

Why is using the EC2 instance role a bad idea?

Some may argue that running our microservice inside an EC2 instance and using the instance's role is the way to go. Spring Boot can assume the same role as the underlying EC2 instance.

But a microservice that relies on the EC2 role has the following disadvantages:

  1. No clear separation of permissions between different microservices running on the same EC2 instance
  2. A microservice-specific audit trail is not possible

An IAM user for each microservice

So how do we solve the above two hazardous issues? For each microservice, we create an IAM user named after the service and narrow down its permissions. Enable programmatic access to get the access key and secret key needed to configure Spring Boot.

If a service should access only S3, we can enable only that. Another service might need Simple Queue Service for messaging and Simple Notification Service for emails; we can restrict its access to only these services.

And the best practice is to automate the microservice stack creation using CloudFormation, even if IAM is all that the service needs. To simplify things, the access key can be created manually from the console instead of using encryption or secrets.
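
The per-service IAM user described above, written as a CloudFormation stack. This is an added example, not taken from the article or its repository; the parameter names `ServiceName` and `BucketName` and the choice of S3 actions are assumptions made for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: One IAM user per microservice, limited to a single S3 bucket (illustrative)

Parameters:
  ServiceName:        # hypothetical parameter: the microservice's name, reused as the IAM user name
    Type: String
  BucketName:         # hypothetical parameter: the only bucket this service is allowed to use
    Type: String

Resources:
  ServiceUser:
    Type: AWS::IAM::User
    Properties:
      UserName: !Ref ServiceName
      Policies:
        - PolicyName: !Sub "${ServiceName}-s3-only"
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Listing is a bucket-level action, so it targets the bucket ARN itself.
              - Sid: ListOwnBucket
                Effect: Allow
                Action:
                  - s3:ListBucket
                Resource: !Sub "arn:aws:s3:::${BucketName}"
              # Object reads and writes target the objects inside that bucket only.
              - Sid: ReadWriteOwnObjects
                Effect: Allow
                Action:
                  - s3:GetObject
                  - s3:PutObject
                Resource: !Sub "arn:aws:s3:::${BucketName}/*"
  # No AWS::IAM::AccessKey resource is declared: as in the article, the key is
  # created from the console, so the secret never appears in stack outputs.

Outputs:
  UserArn:
    Description: ARN that identifies this service's calls in CloudTrail (userIdentity.arn)
    Value: !GetAtt ServiceUser.Arn
```

Because the user is given an explicit name, deploying this stack requires acknowledging the `CAPABILITY_NAMED_IAM` capability.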

Spring boot AWS integration

After the secret key is created, all we need to do in our Spring Boot microservice is add the Maven dependency org.springframework.cloud:spring-cloud-aws-context. Then add the properties below to the application’s environment variables.

cloud.aws.credentials.accessKey=ABCD0123456789
cloud.aws.credentials.secretKey=127812HAHJS2727272
cloud.aws.region.static=ap-south-1

Create an AwsConfig like below and you are good to go.

Sample for S3 integration

To set up the application for different environments, run the CloudFormation stack, create the access key and configure the above properties in the Docker environment of the microservice.

Multi Region setup

When running the microservice in multiple regions we can simply set the cloud.aws.region.static property.

Including EC2-based lookup for the region means we have to declare some beans to make the application work in a local environment, which in my humble opinion is unnecessary.

The sample code can be found in the GitHub repository below.

Richy Great

Father, Software Architect and a Story teller
