Repository files navigation

Dropwizard SSM allowsAWS's Simple System Management parameters parameters to be used for variable substitution within Dropwizardconfigurations.

A common way to provide environment specific configuration values to your Dropwizard applicationis to use the built-inEnvironmentVariableSubstitutor, which will replace variables like${MY_ENV_VAR} with a valueloaded from the environment throughSystem.getenv("MY_ENV_VAR""). This is convenient, but requires you to update theenvironment variables on the machine running Dropwizard whenever you want to change the value. That's easy for somethinglike Docker containers, but doesn't work very well for virtual machines provisioned in a more traditional fashion, anddefinintely not for bare metal.

Furthermore, this is a security nightmare for sensitive data like database passwords. Writing those files out to thefilesystem or passing them in your launch means anyone that has access to the environment also knows the credentials.

By using Simple Systems Management parameter stores, we can store configuration values in a centralized location, usingKMS to encrypt values where needed, and IAM permissions to control who has access to those parameters. When we want toupdate a configuration value, we just need to update it in one place -- no need to update the runtime environment onyour servers!

Note: At this time, this library does not provide a way to dynamically update configuration values at runtime.
Variable substitution happens on startup, so the configuration class will contain the value that was there when theapplication starts. Unfortunately, this means you still need to restart your service whenever a critical value changes.

Similar to environment variable substitution, the variables in your configuration file should match the fully-qualifiedname of the paramter that contains the value.

Add the Maven dependency:

  <dependency>    <groupId>org.ajbrown.dropwizard</groupId>    <artifactId>dropwizard-ssm</artifactId>    <version>1.0</version>  </dependency>

Add fully-qualified parameter names to your configuration:

database:driverClass:com.mysql.cj.jdbc.Driverurl:${JDBC_URL:-jdbc:mysql://localhost/my-database}user:${/myapp/database-user}password:${/myapp/database-user}

Register SSM configuration variable substitution:

// Enable variable substitution with AWS Simple Systems Managementbootstrap.setConfigurationSourceProvider(newSubstitutingSourceProvider(bootstrap.getConfigurationSourceProvider(),newSsmSubstitutor(false)        )    );

You can also use this substitutor (and any other well-built substitutor) alongside the built in environment variablesubstitutor. In my configuration above, I'm actually expecting that the JDBC_URL is provided by an environment variable,while the username and passwords are provided by a parameter store. You can chain substitutors together to accomplishthis.

// Enable variable substitution with environment variablesbootstrap.setConfigurationSourceProvider(newSubstitutingSourceProvider(bootstrap.getConfigurationSourceProvider(),newEnvironmentVariableSubstitutor(false)        )    );// Enable variable substitution with AWS Simple Systems Managementbootstrap.setConfigurationSourceProvider(newSubstitutingSourceProvider(bootstrap.getConfigurationSourceProvider(),newSsmSubstitutor(false)        )    );

Often, you want to use the same configuration file across multiple environments, but have different values substituteddepending on the environment. To support this, you can set a "namesspace prefix" during configuration. When provided,Dropwizard SSM will add this prefix to all parameter names it uses.

bootstrap.setConfigurationSourceProvider(newSubstitutingSourceProvider(bootstrap.getConfigurationSourceProvider(),newSsmSubstitutor(false,System.getenv("ENV") +"/")        )    );