Use AWS Parameter Store Values for Quarkus Lambda Datasource Credential

1. Introduction

In this example, we are running a Quarkus application as a microservice on top of an AWS Lambda function. If you are wondering how to do that, you can follow this article .

A microservice would often need to access the database. Still, the problem with AWS Lambda is that there is no way to fetch the username/password credentials directly from the AWS Parameter Store (this is not an issue when using a container in ECS).

2. Parameter Store

Make sure to create the following keys:

  • /dev/ct-quarkus-service/DB_USERNAME
  • /dev/ct-quarkus-service/DB_PASSWORD

3. Code Review

3.1 Add a dependency to AWS SSM.


3.2 Create the SSM Client.

public class SsmProvider {

public Map<String, String> getSecretParams(List<String> paramsNames) {

final SsmClient ssmClient = SsmClient.builder()
.region(new SystemSettingsRegionProvider().getRegion())

GetParametersResponse parametersResponse = ssmClient.getParameters(


return parametersResponse.parameters().stream()
.collect(toMap(Parameter::name, Parameter::value));

3.3 Implement the CredentialsProvider.


public class SsmCredentialsProvider implements CredentialsProvider {

(name = “ct.datasource.username”)
String username;

(name = “ct.datasource.password”)
String password;

public Map <String, String> getCredentials(String credentialsProviderName) {
SsmProvider ssmProvider = new SsmProvider();
Map <String, String> properties = new HashMap<>();

List <String> ssmParamsNames = List.of(username, password);
Map <String, String> secretParams = ssmProvider.getSecretParams(ssmParamsNames);

properties.put(USER_PROPERTY_NAME, secretParams.get(username));
properties.put(PASSWORD_PROPERTY_NAME, secretParams.get(password));

return properties;

3.4 Update the application.yml.

name: ct-quarkus-service
credentials-provider: custom
credentials-provider-name: ssm-credentials-provider
db-kind: mysql
url: xxx
username: ${DB_USERNAME:/dev/ct-quarkus-service/DB_USERNAME}
password: ${DB_PASSWORD:/dev/ct-quarkus-service/DB_PASSWORD}



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store