是否可以使用 JNDI 从 Tomcat 访问 AWS Secret Manager? [英] Can AWS Secret Manager be accessed from Tomcat using JNDI?
问题描述
我们在 Tomcat 上部署了一个 WAR 文件,并且通过 JNDI 获取了数据库凭据.现在必须将此 WAR 移至 AWS 云,并且要求必须将 db 凭证存储在 AWS Secret Manager 中.我的问题是我可以继续使用 JNDI/Tomcat 和 Secret Manager 吗?我知道 AWS SM 有 API 和 SDK 可以访问它,可以以某种方式与 JNDI/Tomcat 集成吗?我看到的所有帖子都提到直接从代码中使用 API/SDK,但我没有发现任何关于服务器集成的内容.从代码访问 AWS SM 真的是最好的方法吗?谢谢.旁注 - 由于某种我不知道的原因,我们不能使用 BeanStalk,它只是 EC2 实例上的 Tomcat.
We have a WAR file deployed on Tomcat and the database credentials are fetched through JNDI. This WAR now has to be moved to AWS cloud, and the requirement is db credentials has to be stored in AWS Secret Manager. My question is can I continue using JNDI/Tomcat along with Secret Manager ? I understand AWS SM has API and SDKs to access it, can that be integrated with JNDI/Tomcat somehow ? All posts I have seen mentions using the API/SDK directly from code, none i have found say anything about server integration. Is accessing AWS SM from code really the best way to do it ? Thanks. A side note - for some reason unknown to me, we cannot use BeanStalk, it is just Tomcat on an EC2 instance.
推荐答案
也许您可以使用 JDBC 驱动程序包装器:https://github.com/aws/aws-secretsmanager-jdbc.如果您使用的是连接池管理器,您可以按照 README 中的示例将 JDBC 库替换为包装库,并在配置中指定密钥.然后包装器将检索秘密并将其传递给真正的 JDBC 库.
Maybe you could use the JDBC driver wrapper: https://github.com/aws/aws-secretsmanager-jdbc. If you are using a connection pool manager you can follow the example in the README and replace the JDBC library with the wrapper library, specifying the secret in the configuration. The wrapper will then retrieve the secret and pass it to the real JDBC library.
如果您没有使用连接池管理器,您仍然可以用包装器替换现有的 JDBC 驱动程序,但这需要一些代码修改.
If you are not using a connection pool manager, you could still replace the existing JDBC driver with the wrapper, but this would take some code modifications.
通过使用包装器,您还可以打开数据库密码的自动轮换,因为包装器知道在更改后重新获取秘密.
By using the wrapper, you can also turn on auto-rotation on the DB password since the wrapper knows to re-fetch the secret after it changes.
这篇关于是否可以使用 JNDI 从 Tomcat 访问 AWS Secret Manager?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
