spring-cloud-aws icon indicating copy to clipboard operation
spring-cloud-aws copied to clipboard

Published 20 hours ago verified publisher icon spring-attic

Integration Between EKS IAM Roles And Spring Boot

Open ofek-levy opened this issue 5 years ago • 5 comments

Hi guys,

Is there a recommended way to integrate a Spring Boot application running on EKS with IAM authentication? We would like to enable our Spring Boot application to access AWS services (such as RDS, ES, etc.) with an IAM Access Token instead of using simple (insecure) username and password authentication.

Is there a configuration we can use (e.g. in the same way a connection string can be "just configured" in Spring)?

If not are you guy aware of another way to integrate Spring with EKS IAM Service Account Creds?

(The way IAM integrates with EKS is: An Identity Token is being mounted to the pod and the pod uses the Identity Token to receive AWS credentials in order to access AWS services.)

Thanks and Best Regard, Ofek.

ofek-levy avatar Sep 01 '20 18:09 ofek-levy

I think you are interesting in https://github.com/spring-cloud/spring-cloud-aws/pull/617

eddumelendez avatar Sep 15 '20 02:09 eddumelendez

@eddumelendez referenced PR is now closed. Does spring-cloud-aws work with EKS ServiceAccount provided roles? I could not find aws-sdk-sts included anywhere, which is a requirement for this EKS+IAM to work

Fodoj avatar Nov 27 '20 16:11 Fodoj

Its closed but not merged. The issue still remains. We are happy to take a new PR.

maciejwalkowiak avatar Nov 27 '20 16:11 maciejwalkowiak

@maciejwalkowiak is there a workaround to make it work, without patching spring-cloud?

Fodoj avatar Nov 27 '20 16:11 Fodoj

I am not 100% sure if its enough byt you can provide custom credentials provider bean, just name it "credentialsProvider".

maciejwalkowiak avatar Nov 27 '20 18:11 maciejwalkowiak