
[AWS] Integrating Secrets Manager with Spring Boot

동스토리 | 2023. 6. 21. 22:01


0. Overview

This post walks through loading values stored in AWS Secrets Manager from a Java Spring Boot application running on AWS EC2. The retrieved values can be used for a variety of purposes, such as connecting to a database.

1. Launch the instance and set up Spring Boot

We assume the EC2 instance and Spring Boot are already installed.

2. Add the dependency

Add the following dependency to pom.xml.

<dependency>
    <groupId>com.amazonaws.secretsmanager</groupId>
    <artifactId>aws-secretsmanager-jdbc</artifactId>
    <version>1.0.8</version>
</dependency>


3. Configuration for reading from Secrets Manager

Add the following config to application.yaml.

cloud:
  aws:
    secretsmanager:
      endpoint: secretsmanager.ap-northeast-2.amazonaws.com
      region: ap-northeast-2
    credentials:
      access-key: "Your Accesskey"
      secret-key: "Your Secretkey"
    region:
      static: ap-northeast-2
    stack:
      auto: false

If the instance is in a private subnet with no public connectivity, create a Secrets Manager interface VPC endpoint and put that endpoint's DNS name in the "endpoint" field.

4. Write the repository

Insert the code below into SecretManagerRepositoryImpl.java.

package com.aws.example.awsdemo.secretmanager.repository;

import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.model.GetSecretValueRequest;
import com.amazonaws.services.secretsmanager.model.ResourceNotFoundException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;

@Repository
public class SecretManagerRepositoryImpl implements SecretManagerRepository {

    private static final Logger log = LoggerFactory.getLogger(SecretManagerRepositoryImpl.class);

    private final AWSSecretsManager secretsManager;

    @Autowired
    public SecretManagerRepositoryImpl(AWSSecretsManager secretsManager) {
        this.secretsManager = secretsManager;
    }

    @Override
    public String getSecretValue(String secretName) {
        try {
            GetSecretValueRequest getSecretValueRequest = new GetSecretValueRequest().withSecretId(secretName);
            // A single GetSecretValue API call is enough; keep the result and reuse it.
            String secretValue = secretsManager.getSecretValue(getSecretValueRequest).getSecretString();

            // Parse the RDS-style JSON secret. asText() is used rather than textValue() because
            // "port" is stored as a JSON number, for which textValue() returns null.
            ObjectMapper objectMapper = new ObjectMapper();
            JsonNode secretsJson = objectMapper.readTree(secretValue);
            String host = secretsJson.get("host").asText();
            String port = secretsJson.get("port").asText();
            String dbname = secretsJson.get("dbClusterIdentifier").asText();
            String username = secretsJson.get("username").asText();
            String password = secretsJson.get("password").asText();
            // The individual fields are parsed to show the secret's structure; this sample returns the raw JSON.
            return secretValue;
        } catch (ResourceNotFoundException e) {
            log.error("The requested secret " + secretName + " was not found");
            return "The requested secret " + secretName + " was not found";
        } catch (Exception e) {
            // Permission, network or JSON parsing failures are logged with their stack trace.
            log.error("Failed to read secret " + secretName, e);
            return "Failed to read secret " + secretName;
        }
    }

}

5. Write a controller for testing

Insert the code below into SecretManagerController.java.

package com.aws.example.awsdemo.secretmanager.controller;

import com.aws.example.awsdemo.secretmanager.service.SecretManagerService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.io.IOException;

@RestController
@RequestMapping(value = "/secretManager")
public class SecretManagerController {

    private SecretManagerService awsService;

    @Autowired
    public SecretManagerController(SecretManagerService awsService) {
        this.awsService = awsService;
    }

    @GetMapping("/getSecretValue")
    public ResponseEntity<String> getSecretValue(@RequestParam(value = "secretName") String secretName) throws IOException {
        return new ResponseEntity<>(awsService.getSecretValue(secretName), HttpStatus.OK);
    }

}
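As an added example (not the post's own code), the configuration class below builds the AWSSecretsManager client from the EC2 instance profile via DefaultAWSCredentialsProviderChain instead of the static access-key/secret-key in application.yaml, points it at the endpoint and region keys from section 3 (public endpoint or VPC interface endpoint), and adds a helper that strips the password before the test controller echoes a secret back over HTTP. The class name and the withoutPassword helper are assumptions, and the class assumes no other AWSSecretsManager bean is auto-configured on the classpath.

```java
package com.aws.example.awsdemo.secretmanager.config;

import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.services.secretsmanager.AWSSecretsManager;
import com.amazonaws.services.secretsmanager.AWSSecretsManagerClientBuilder;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.io.IOException;

// Hypothetical configuration class (example code, not from the post).
@Configuration
public class SecretsManagerClientConfig {

    @Value("${cloud.aws.secretsmanager.endpoint}")
    private String endpoint;   // public endpoint or VPC interface endpoint DNS name from application.yaml

    @Value("${cloud.aws.secretsmanager.region}")
    private String region;

    // Credentials are resolved at runtime by the default chain (environment, then the EC2 instance
    // profile role), so no access-key/secret-key has to be written into application.yaml.
    @Bean
    public AWSSecretsManager secretsManager() {
        return AWSSecretsManagerClientBuilder.standard()
                .withCredentials(new DefaultAWSCredentialsProviderChain())
                .withEndpointConfiguration(
                        new AwsClientBuilder.EndpointConfiguration("https://" + endpoint, region))
                .build();
    }

    // Returns the secret JSON with the "password" field removed, so a test endpoint can confirm the
    // lookup works without sending the database password to every HTTP caller.
    public static String withoutPassword(String secretJson) throws IOException {
        JsonNode parsed = new ObjectMapper().readTree(secretJson);
        if (!parsed.isObject()) {
            throw new IllegalArgumentException("secret is not a JSON object");
        }
        ObjectNode redacted = ((ObjectNode) parsed).deepCopy();
        redacted.remove("password");
        return redacted.toString();
    }
}
```

The test controller can return withoutPassword(awsService.getSecretValue(secretName)) instead of the raw secret string.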


6. Test

1) Build and run with Maven

mvn clean spring-boot:run -Dspring-boot.run.profiles=local

2) Check the secret value with an API call

curl "http://localhost:8080/secretManager/getSecretValue?secretName=your-secret-name"

Thank you.
