ECSClient credentials provider to connect to ecs cluster to get tasks

Question

My spring boot application will get deployed into the ecs cluster. From the same application, I wanted to find the list of tasks/service using ECSClient java sdk. 
I want to create th ECSClient . Which credentials provider should I use if calling apis from ecs within the same application? Will EcsClient.create() will work. 
In sdk we have different clientcredentials available like AWSCLientCredentials, ProfileClientCredentials. However for me calling from ecs within same application which is deployed. please provide me guidance over here, how to create ECS Client in java in this case.

Answer

you don't need to pass any credential to your spring application (even it is dangerous). Your application run on ECS so, your application can use the task execution role, the task role grants additional AWS permissions required by your application once the container is started. So you can on task Role attach the ECS permission. 
 
Example using Terraform as IAC

```
resource "aws_iam_policy" "example-policy" {
  name        = "example"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "application-autoscaling:DescribeScalableTargets",
          "ecs:ListServices",
          "ecs:UpdateService",
          "ecs:ListTasks",
          "ecs:DescribeServices",
          "ecs:DescribeTasks",
          "ecs:DescribeClusters",
          "ecs:ListClusters",
        ]
        Effect   = "Allow"
        Resource = "*"
      }
    ]
  })
}
```

Answer

Just create the client as you would anywhere, The SDK will figure out that it's "in" an ECS task and get the credentials from its metadata.

Depending on what you're doing, the metadata endpoint might be enough so you might not need this at all 😊
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-metadata-endpoint.html

Good luck!

ECSClient credentials provider to connect to ecs cluster to get tasks

相关内容