Use AWS Parameter Store Values for Quarkus Lambda Datasource Credential

1. Introduction

In this example, we are running a Quarkus application as a microservice on top of an AWS Lambda function. If you are wondering how to do that, you can follow this article .

A microservice would often need to access the database. Still, the problem with AWS Lambda is that there is no way to fetch the username/password credentials directly from the AWS Parameter Store (this is not an issue when using a container in ECS).

2. Parameter Store

Make sure to create the following keys:

  • /dev/ct-quarkus-service/DB_USERNAME
  • /dev/ct-quarkus-service/DB_PASSWORD

3. Code Review

3.1 Add a dependency to AWS SSM.

<dependency>
<groupId>io.quarkiverse.amazonservices</groupId>
<artifactId>quarkus-amazon-ssm</artifactId>
<version>${quarkus-amazon-ssm.version}</version>
</dependency>

3.2 Create the SSM Client.

public class SsmProvider {

public Map<String, String> getSecretParams(List<String> paramsNames) {

final SsmClient ssmClient = SsmClient.builder()
.credentialsProvider(AwsCredentialsProviderChain
.of(EnvironmentVariableCredentialsProvider.create()))
.region(new SystemSettingsRegionProvider().getRegion())
.build();

GetParametersResponse parametersResponse = ssmClient.getParameters(
GetParametersRequest.builder()
.names(paramsNames)
.withDecryption(true)
.build());

ssmClient.close();

return parametersResponse.parameters().stream()
.collect(toMap(Parameter::name, Parameter::value));
}
}

3.3 Implement the CredentialsProvider.



(“ssm-credentials-provider”)

public class SsmCredentialsProvider implements CredentialsProvider {

(name = “ct.datasource.username”)
String username;

(name = “ct.datasource.password”)
String password;


public Map <String, String> getCredentials(String credentialsProviderName) {
SsmProvider ssmProvider = new SsmProvider();
Map <String, String> properties = new HashMap<>();

List <String> ssmParamsNames = List.of(username, password);
Map <String, String> secretParams = ssmProvider.getSecretParams(ssmParamsNames);

properties.put(USER_PROPERTY_NAME, secretParams.get(username));
properties.put(PASSWORD_PROPERTY_NAME, secretParams.get(password));

return properties;
}
}

3.4 Update the application.yml.

quarkus:
application:
name: ct-quarkus-service
datasource:
credentials-provider: custom
credentials-provider-name: ssm-credentials-provider
db-kind: mysql
jdbc:
url: xxx
ct:
datasource:
username: ${DB_USERNAME:/dev/ct-quarkus-service/DB_USERNAME}
password: ${DB_PASSWORD:/dev/ct-quarkus-service/DB_PASSWORD}

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store