zalando/spring-cloud-config-aws-kms

VPC Endpoint Support

Closed this issue · 5 comments

For security reasons, I have the need to access KMS via a newly created VPC Endpoint.

I believe all that is involved is modifying how the AWSKMS bean is created in KmsConfiguration.

Here's a sample I have working outside of this starter.
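```java
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
class KmsConfig {

    // KMS endpoint URL (here, the VPC endpoint)
    @Value("${kms.endpoint}")
    private String kmsEndpoint;

    // Resolves the aws.region property to the SDK's Regions enum
    @Value("#{T(com.amazonaws.regions.Regions).fromName('${aws.region}')}")
    private Regions region;

    @Bean
    public AWSKMS kms() {
        // Point the client at the custom endpoint; the region name is used for request signing
        return AWSKMSClientBuilder.standard()
                .withEndpointConfiguration(new EndpointConfiguration(kmsEndpoint, region.getName()))
                .build();
    }
}
```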

I'm open to doing a pull request. I would have to manage the case where no endpoint is provided, thus back to the original default endpoint implementation.

Hi @davidtkaczyk69,

as you said, exchanging the AWSKMS bean with a custom one is easy, since @ConditionalOnMissingBean(AWSKMS.class) is used in the library configuration.
Anyway, I think first-class support for VPC endpoints, controlled by some optional property, would be a great addition to the library as well. I'm happy to support and review any pull request.

Best regards,
André
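
The fallback discussed in the issue and the optional property suggested in the reply, as an added example (not the library's code and not the change merged in #37). It reuses the `kms.endpoint` and `aws.region` property names from the sample above; the class name, the empty-string defaults and the HTTPS check are assumptions of this example.

```java
import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import java.net.URI;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.StringUtils;

@Configuration
class OptionalEndpointKmsConfig { // hypothetical class name

    // Empty default means "not configured" (assumption of this example).
    @Value("${kms.endpoint:}")
    private String kmsEndpoint;

    @Value("${aws.region:}")
    private String region;

    @Bean
    @ConditionalOnMissingBean(AWSKMS.class) // an application-defined AWSKMS bean still wins
    public AWSKMS kms() {
        AWSKMSClientBuilder builder = AWSKMSClientBuilder.standard();
        if (StringUtils.hasText(kmsEndpoint)) {
            // An endpoint override carries no region information, so the
            // signing region has to be supplied explicitly.
            if (!StringUtils.hasText(region)) {
                throw new IllegalStateException("kms.endpoint is set but aws.region is missing");
            }
            // Require a full https:// URL so a mistyped property cannot
            // downgrade KMS traffic to plaintext HTTP.
            if (!"https".equalsIgnoreCase(URI.create(kmsEndpoint).getScheme())) {
                throw new IllegalStateException("kms.endpoint must be an https:// URL");
            }
            // The SDK rejects a builder with both region and endpoint set,
            // so only the endpoint configuration is applied here.
            builder.withEndpointConfiguration(new EndpointConfiguration(kmsEndpoint, region));
        } else if (StringUtils.hasText(region)) {
            // No endpoint override: default public endpoint of the given region.
            builder.withRegion(region);
        }
        // Neither property set: the SDK's default region provider chain applies.
        return builder.build();
    }
}
```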

OK, starting to work on this change. I have forked, but don't see where/how to assign the issue to myself.

Done, I guess you probably lack permissions.

Pull request was created. First one ever, so hopefully I was able to follow the standard procedure properly. Open to suggestions with regard to property/bean creation and usage.

fixed with #37