[英]How do I connect to my AWS DynamoDB instance from a Spring Java Elastic Beanstalk app?
I am dabbling with DynamoDB and have written an application using Spring Boot. 我正在研究DynamoDB,并已使用Spring Boot编写了一个应用程序。
I have developed it locally (on my own desktop) connecting to my own instance of DynamoDB also running locally. 我已经在本地(在自己的桌面上)开发了它,并连接到也在本地运行的DynamoDB实例。 My connection info is held in a properties file in
resources
(included in the classpath). 我的连接信息保存在
resources
(包含在类路径中)的属性文件中。
I want to run it on Elastic Beanstalk in AWS to connect to a AWS-hosted DynamoDB instance. 我想在AWS的Elastic Beanstalk上运行它以连接到AWS托管的DynamoDB实例。
What should I put in my properties file? 我应该在属性文件中放入什么? or better yet, does AWS make it easy to have environment-specific properties?
还是更好,AWS是否使拥有特定于环境的属性变得容易? I would, for example, prefer to not have to hold my live instance access keys in a plain text file in source control.
例如,我宁愿不必在源代码管理的纯文本文件中保存我的实时实例访问键。 Or should I roll my own mechanism?
还是我应该运用自己的机制?
This question is really two questions: 1) How to connect a Java application to an AWS Dynamo DB instance and 2) How to securely manage credentials. 这个问题实际上是两个问题:1)如何将Java应用程序连接到AWS Dynamo数据库实例,以及2)如何安全地管理凭证。
For 1 it is pretty straightforward, there is a java AWS SDK that provides an interface for connecting to Dynamo instances. 对于1来说,它非常简单,有一个Java AWS开发工具包提供了一个用于连接Dynamo实例的接口。 The main way is to export some AWS credentials as environment variables, and then the AWS SDK will pick them up and authenticate automatically:
主要方法是将一些AWS凭证导出为环境变量,然后AWS开发工具包将获取它们并自动进行身份验证:
export AWS_ACCESS_KEY_ID=your_access_key_id
export AWS_SECRET_ACCESS_KEY=your_secret_access_key
Then you can instantiate a Dynamo client in your code: 然后,您可以在代码中实例化Dynamo客户端:
AmazonDynamoDB client = AmazonDynamoDBClientBuilder.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
"http://localhost:8000",
"us-west-2"))
.build();
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/CodeSamples.Java.html https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/CodeSamples.Java.html
For 2, there is no one correct answer. 对于2,没有一个正确的答案。 I do agree with you that putting credentials in plain text in the repo is not a great way to go.
我确实同意您的看法,将凭证以纯文本格式存储在回购中并不是一个好方法。 There are several better ways.
有几种更好的方法。 The basic idea is that you would encrypt the text file holding your secrets in the repo and then decrypt it when deploying.
基本思想是,您将加密存储库中包含机密信息的文本文件,然后在部署时将其解密。 This decryption can be done manually or in some kind of deploy script.
该解密可以手动完成,也可以通过某种部署脚本完成。 Look into AWS KMS services for AWS secrets management.
查看用于AWS机密管理的AWS KMS服务。 Unfortunately your question is too open-ended to answer more concretely.
不幸的是,您的问题过于开放,无法具体回答。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.