Skip to content
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/src/main/asciidoc/appconfig.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -112,8 +112,8 @@ org.springframework.boot.BootstrapRegistryInitializer=com.app.AppConfigBootstrap
----


If you want to use autoconfigured `AppConfigDataClient` but change underlying SDKClient or `ClientOverrideConfiguration` you will need to register bean of type `AppConfigClientCustomizer`:
Autoconfiguration will configure `AppConfigDataClient` Bean with provided values after that, for example:
If you want to use the auto-configured `AppConfigDataClient` but change the underlying SDK client or `ClientOverrideConfiguration`, you will need to register a bean of type `AppConfigClientCustomizer`.
Auto-configuration will then configure the `AppConfigDataClient` bean with the provided values. For example:

[source,java]
----
Expand Down
8 changes: 4 additions & 4 deletions docs/src/main/asciidoc/cloudwatch.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ To send metrics to CloudWatch add a dependency to `micrometer-registry-cloudwatc

Additionally, CloudWatch integration requires a value provided for `management.cloudwatch.metrics.export.namespace` configuration property.

Following configuration properties are available to configure CloudWatch integration:
The following configuration properties are available to configure CloudWatch integration:

[cols="3*", options="header"]
|===
Expand All @@ -22,15 +22,15 @@ Following configuration properties are available to configure CloudWatch integra

|management.cloudwatch.metrics.export.namespace
|
|The namespace which will be used when sending metrics to CloudWatch. This property is needed and must not be null.
|The namespace used when sending metrics to CloudWatch. This property is required and must not be null.

|management.cloudwatch.metrics.export.step
|1m
|The interval at which metrics are sent to CloudWatch. The default is 1 minute.

|spring.cloud.aws.cloudwatch.enabled
|true
|If CloudWatch integration should be enabled. This property should be likely set to `false` for a local development profile.
|Whether CloudWatch integration is enabled. This property should typically be set to `false` for local development profiles.

|spring.cloud.aws.cloudwatch.endpoint
|
Expand Down Expand Up @@ -89,6 +89,6 @@ CloudWatchAsyncClientCustomizer customizer() {

`CloudWatchAsyncClientCustomizer` is a functional interface that enables configuring `CloudWatchAsyncClientBuilder` before the `CloudWatchAsyncClient` is built in auto-configuration.

There can be multiple `CloudWatchAsyncClientCustomizer` beans present in single application context. `@Order(..)` annotation can be used to define the order of the execution.
There can be multiple `CloudWatchAsyncClientCustomizer` beans present in a single application context. The `@Order(..)` annotation can be used to define the order of execution.

Note that `CloudWatchAsyncClientCustomizer` beans are applied **after** `AwsAsyncClientCustomizer` beans and therefore can overwrite previously set configurations.
2 changes: 1 addition & 1 deletion docs/src/main/asciidoc/contributing.adoc
Original file line number Diff line number Diff line change
@@ -1 +1 @@
NOTE: Spring Cloud AWS is released under the non-restrictive Apache 2.0 license. If you would like to contribute to this section of the documentation or if you find an error, please find the source code and issue trackers in the project at https://github.com/awspring/spring-cloud-aws[github].
NOTE: Spring Cloud AWS is released under the non-restrictive Apache 2.0 license. If you would like to contribute to this section of the documentation or if you find an error, please find the source code and issue tracker in the project at https://github.com/awspring/spring-cloud-aws[GitHub].
14 changes: 7 additions & 7 deletions docs/src/main/asciidoc/core.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ public interface AwsCredentialsProvider {
}
----

There are 3 ways in which the `AwsCredentialsProvider` in Spring Cloud AWS can be configured:
There are three ways in which the `AwsCredentialsProvider` in Spring Cloud AWS can be configured:

1. `DefaultCredentialsProvider`
2. `StsWebIdentityTokenFileCredentialsProvider` - recommended for EKS
Expand All @@ -47,7 +47,7 @@ By default, Spring Cloud AWS starter auto-configures a `DefaultCredentialsProvid
2. Environment Variables - `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
3. Web Identity Token credentials from system properties or environment variables
4. Credential profiles file at the default location (`~/.aws/credentials`) shared by all AWS SDKs and the AWS CLI
5. Credentials delivered through the Amazon EC2 container service if `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI`" environment variable is set and security manager has permission to access the variable,
5. Credentials delivered through the Amazon EC2 container service if the `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` environment variable is set and the security manager has permission to access the variable,
6. Instance profile credentials delivered through the Amazon EC2 metadata service

If it does not serve your project needs, this behavior can be changed by setting additional properties:
Expand Down Expand Up @@ -116,7 +116,7 @@ STS credentials configuration supports following properties:

==== Custom AwsCredentialsProvider

It is also possible to configure custom `AwsCredentialsProvider` bean which will prevent Spring Cloud AWS from auto-configuring credentials provider:
It is also possible to configure a custom `AwsCredentialsProvider` bean, which will prevent Spring Cloud AWS from auto-configuring a credentials provider:

[source,java,indent=0]
----
Expand Down Expand Up @@ -146,7 +146,7 @@ public interface AwsRegionProvider {
}
----

By default, Spring Cloud AWS starter auto-configures a `DefaultAwsRegionProviderChain`, which looks resolves AWS region in this order:
By default, Spring Cloud AWS starter auto-configures a `DefaultAwsRegionProviderChain`, which resolves the AWS region in this order:

1. Check the `aws.region` system property for the region.
2. Check the `AWS_REGION` environment variable for the region.
Expand Down Expand Up @@ -175,10 +175,10 @@ If it does not serve your project needs, this behavior can be changed by setting

|spring.cloud.aws.region.profile.path
|`~/.aws/credentials`
|The file path where the profile configuration file is located. Defaults to `~/.aws/credentials` if value is not provided
|The file path where the profile configuration file is located. Defaults to `~/.aws/credentials` if a value is not provided
|===

It is also possible to configure custom `AwsRegionProvider` bean which will prevent Spring Cloud AWS from auto-configuring region provider:
It is also possible to configure a custom `AwsRegionProvider` bean, which will prevent Spring Cloud AWS from auto-configuring a region provider:

[source,java,indent=0]
----
Expand Down Expand Up @@ -256,7 +256,7 @@ AwsAsyncClientCustomizer awsAsyncClientCustomizer() {
}
----

There can be multiple customizer beans present in single application context and all of them will be used to configure AWS clients. If order of customizer matters, use `@Order` annotation on customizer beans.
There can be multiple customizer beans present in a single application context, and all of them will be used to configure AWS clients. If the order of customizers matters, use the `@Order` annotation on customizer beans.

Client-specific customizations can be applied through client-specific customizer interfaces (for example `S3ClientCustomizer` for S3). See integrations documentation for details.

Expand Down
20 changes: 10 additions & 10 deletions docs/src/main/asciidoc/dynamodb.adoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
[#spring-cloud-aws-dynamoDb]
== DynamoDb Integration

https://aws.amazon.com/dynamodb/[DynamoDb] is a fully managed serverless key/value Nosql database designed for high performance.
https://aws.amazon.com/dynamodb/[DynamoDB] is a fully managed, serverless, key-value NoSQL database designed for high performance.
A Spring Boot starter is provided to auto-configure DynamoDb integration beans.

Maven coordinates, using <<index.adoc#bill-of-materials, Spring Cloud AWS BOM>>:
Expand All @@ -14,15 +14,15 @@ Maven coordinates, using <<index.adoc#bill-of-materials, Spring Cloud AWS BOM>>:
</dependency>
----

DynamoDb integration will only provide autoconfiguration and simple `DynamoDbOperations` which can be used to communicate with DynamoDb, build repositories and so on...
The DynamoDB integration provides auto-configuration and a `DynamoDbOperations` interface that can be used to communicate with DynamoDB, build repositories, and more.

=== DynamoDbOperations

The starter automatically configures and registers a `DynamoDbOperations` bean providing higher level abstractions for working with DynamoDb.
`DynamoDbTemplate` - a default `DynamoDbOperations` implementation - being built on top of `DynamoDbEnhancedClient` uses annotations provided by AWS.
The list of supported annotations can be found https://sdk.amazonaws.com/java/api/latest/software/amazon/awssdk/enhanced/dynamodb/mapper/annotations/package-summary.html[here].

`DynamoDbEnchancedClient` supports a programming model similar to JPA - where a class is turned into an entity through applying certain annotations:
`DynamoDbEnhancedClient` supports a programming model similar to JPA, where a class is turned into an entity by applying certain annotations:

[source,java]
----
Expand Down Expand Up @@ -72,9 +72,9 @@ To use a custom implementation, declare a bean of type `DynamoDbTableNameResolve

==== Resolving Table Schema

To resolve a table schema for an entity, `DynamoDbTemplate` uses a bean of type `DynamoDbTableSchemaResolver`. The default implementation caches `TableSchema` objects in internal map.
To resolve a table schema for an entity, `DynamoDbTemplate` uses a bean of type `DynamoDbTableSchemaResolver`. The default implementation caches `TableSchema` objects in an internal map.
To use custom implementation, declare a bean of type `DynamoDbTableSchemaResolver` and it will get injected into `DynamoDbTemplate` automatically during auto-configuration.
To register a custom table schema for a DynamoDB entity a bean of type `TableSchema` should be created:
To register a custom table schema for a DynamoDB entity, a bean of type `TableSchema` should be created:
[source, java]
----
@Configuration
Expand All @@ -91,9 +91,9 @@ IMPORTANT: Because of classloader related https://github.com/aws/aws-sdk-java-v2

=== Using DynamoDb Client

Autoconfiguration automatically configures `DynamoDbClient` which can be used for low level api calls and `DynamoDbEnhancedClient` if `DynamoDbOperations` are not enough.
Auto-configuration automatically configures a `DynamoDbClient` for low-level API calls, and a `DynamoDbEnhancedClient` when `DynamoDbOperations` are not sufficient.

If autoconfigured `DynamoDbClient` or `DynamoDbEnhancedClient` bean configuration does not meet your needs, it can be replaced by creating your custom bean.
If the auto-configured `DynamoDbClient` or `DynamoDbEnhancedClient` bean configuration does not meet your needs, it can be replaced by declaring a custom bean.

[source,java]
----
Expand Down Expand Up @@ -178,14 +178,14 @@ DynamoDbClientCustomizer customizer() {

`DynamoDbClientCustomizer` is a functional interface that enables configuring `DynamoDbClientBuilder` before the `DynamoDbClient` is built in auto-configuration.

There can be multiple `DynamoDbClientCustomizer` beans present in single application context. `@Order(..)` annotation can be used to define the order of the execution.
There can be multiple `DynamoDbClientCustomizer` beans present in a single application context. The `@Order(..)` annotation can be used to define the order of execution.

Note that `DynamoDbClientCustomizer` beans are applied **after** `AwsSyncClientCustomizer` beans and therefore can overwrite previously set configurations.

=== IAM Permissions

Since it depends on how you will use DynamoDb integration providing a list of IAM policies would be pointless since least privilege model should be used.
To check what IAM policies DynamoDb uses and see which ones you should use please check https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/using-identity-based-policies.html[IAM policies]
Since the required IAM permissions depend on which DynamoDB operations you use, a definitive list cannot be provided here. The principle of least privilege should be applied.
For a full list of available DynamoDB IAM policies, see https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/using-identity-based-policies.html[IAM policies for DynamoDB].

[#spring-integration-support]
=== Spring Integration Support
Expand Down
17 changes: 8 additions & 9 deletions docs/src/main/asciidoc/imds.adoc
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
[#spring-cloud-aws-imds]
== Instance Metadata Service Integration

Spring Cloud AWS applications can use the Instance MetaData Service (IMDS) to acquire EC2 instance metadata when running within an EC2-based compute environment. This metadata can be used for a wide variety of reasons, including detecting the availability zone, public IP address, MAC address, and so on. When available, properties can be referenced using the @Value annotation:
Spring Cloud AWS applications can use the Instance Metadata Service (IMDS) to acquire EC2 instance metadata when running within an EC2-based compute environment. This metadata can be used for a wide variety of purposes, including detecting the availability zone, public IP address, MAC address, and more. When available, properties can be referenced using the `@Value` annotation:

[source,java]
----
@Value("${placement/availability-zone}") String availabilityZone;
@Value("${public-ipv4"}") String publicIPAddress;
@Value("${public-ipv4}") String publicIPAddress;
@Value("${mac}") String macAddress;
----

A full list of instance metadata tags is available in the AWS reference documentation at link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-categories.html[AWS EC2 User Guide - Instance Metadata Categories]. Spring Cloud AWS always retrieves the "latest" categories of metadata and removes the prefix so that "/latest/meta-data/instance-id" is available as "instance-id". The "spring.cloud.aws" prefix is also omitted.
A full list of instance metadata categories is available in the AWS reference documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-categories.html[AWS EC2 User Guide - Instance Metadata Categories]. Spring Cloud AWS always retrieves the "latest" categories of metadata and removes the prefix so that `/latest/meta-data/instance-id` is available as `instance-id`. The `spring.cloud.aws` prefix is also omitted.

=== Enabling

To enable instance metadata, add the spring-cloud-aws-starter-imds starter.
To enable instance metadata, add the `spring-cloud-aws-starter-imds` starter.

[source,xml]
----
Expand All @@ -24,20 +24,20 @@ To enable instance metadata, add the spring-cloud-aws-starter-imds starter.
</dependency>
----

This adds the software.amazon.awssdk/imds dependency to the classpath which is used to query the IMDS. Depending on resources, metadata loading can add a half-second delay to application start time. Loading can be explicitly disabled by setting spring.cloud.aws.imds.enabled propery:
This adds the `software.amazon.awssdk:imds` dependency to the classpath, which is used to query the IMDS. Depending on available resources, metadata loading can add up to half a second to application startup time. Loading can be explicitly disabled by setting the `spring.cloud.aws.imds.enabled` property:

[source,properties]
----
spring.cloud.aws.imds.enabled=false
----

Instance metadata is generally available on any EC2-based compute environment, which includes EC2, Elastic Beanstalk, Elastic Container Service (ECS), Elastic Kubernetes Service (EKS), etc. It is not available in non-EC2 environments such as Lambda or Fargate. Even within EC2-based compute environments instance metadata may be disabled or may be subject to an internal firewall which prohibits it. Whenever instance metadata is unavailable, including when running on a local environment, the autoconfiguration process silently ignores its absence.
Instance metadata is generally available in any EC2-based compute environment, including EC2, Elastic Beanstalk, Elastic Container Service (ECS), and Elastic Kubernetes Service (EKS). It is not available in non-EC2 environments such as Lambda or Fargate. Even within EC2-based environments, instance metadata may be disabled or subject to an internal firewall. Whenever instance metadata is unavailableincluding when running locally — the auto-configuration process silently ignores its absence.

=== Considerations

Instance metadata is retrieved on a best effort basis and not all keys are always available. For example, the "ipv6" key would only be present if IPv6 addresses were being used, "public-hostname" would only be available for instances running in public subnets with DNS hostnames enabled.
Instance metadata is retrieved on a best-effort basis and not all keys are always present. For example, the `ipv6` key would only be present if IPv6 addresses are in use, and `public-hostname` would only be available for instances running in public subnets with DNS hostnames enabled.

Instance metadata is retrieved at application start time and is not updated as the application runs. Both IDMS v1 and v2 are supported. Certain keys / ranges are not retrieved, including "block-device-mapping/\*", "events/\*", "iam/security-credentials/\*", "network/interfaces/\*", "public-keys/\*", "spot/\*" for various reasons including security. For example, Some keys such as "spot/termination-time" are only reliable if polled on an interval; presenting their static values obtained at startup time would be deceptive. If you have such a requirement, consider polling the key yourself using the Ec2MetadataClient from the SDK:
Instance metadata is retrieved at application startup and is not updated while the application is running. Both IMDSv1 and IMDSv2 are supported. Certain key ranges are not retrieved, including `block-device-mapping/*`, `events/*`, `iam/security-credentials/*`, `network/interfaces/*`, `public-keys/*`, and `spot/*`, for various reasons including security. For example, keys such as `spot/termination-time` are only meaningful if polled on an interval; presenting their static values obtained at startup would be misleading. If you have such a requirement, consider polling the key directly using the `Ec2MetadataClient` from the AWS SDK:

[source,java]
----
Expand All @@ -48,4 +48,3 @@ import software.amazon.awssdk.imds.Ec2MetadataResponse;
@Autowired Ec2MetadataClient client;
client.get("/latest/meta-data/spot/termination-time");
----

Loading