Use spring-cloud-aws-autoconfigure without access key and secret key, but assume role?

Question

We have a spring cloud function deployed on AWS lambda. How can we get spring-cloud-aws-autoconfigure to work without access key and secret key, assuming the keys set by the lambda execution role instead?

If we use the autoconfigure, it always throws:

org.springframework.beans.factory.UnsatisfiedDependencyException:
Error creating bean with name
'org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaConfiguration':
Unsatisfied dependency expressed through constructor parameter 0;
nested exception is
org.springframework.beans.factory.BeanCreationException: Error
creating bean with name 'tarodb': Invocation of init method failed;
nested exception is com.amazonaws.SdkClientException: Unable to load
AWS credentials from any provider in the chain:
[com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@7e990ed7:
Unable to load credentials from service endpoint,
com.amazonaws.auth.profile.ProfileCredentialsProvider@821330f: profile
file cannot be null]

Thanks

Maciej Walkowiak Maciej Walkowiak · Accepted Answer · 2020-07-20T20:54:36

Currently you need to provide custom credentials provider bean that assumes role in order to prevent Spring Cloud AWS to create the default credentials provider (this bean specifically

You can take a look how to implement credentials provider that assumes role here. This PR will be merged in Spring Cloud AWS 2.3.

Use spring-cloud-aws-autoconfigure without access key and secret key, but assume role?

1 Answers