{"id":19243489,"url":"https://github.com/bootique/bootique-aws","last_synced_at":"2025-09-12T23:32:36.633Z","repository":{"id":57731505,"uuid":"135464032","full_name":"bootique/bootique-aws","owner":"bootique","description":"Bootique integration with AWS Java SDK","archived":false,"fork":false,"pushed_at":"2025-08-30T19:17:55.000Z","size":290,"stargazers_count":0,"open_issues_count":4,"forks_count":2,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-08-30T21:18:31.749Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bootique.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-05-30T15:37:52.000Z","updated_at":"2025-08-30T19:17:59.000Z","dependencies_parsed_at":"2023-02-08T05:31:33.944Z","dependency_job_id":"64e1276b-e9ba-40de-af2d-4235ca429716","html_url":"https://github.com/bootique/bootique-aws","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/bootique/bootique-aws","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bootique%2Fbootique-aws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bootique%2Fbootique-aws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bootique%2Fbootique-aws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bootique%2Fbootique-aws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bootique","download_url":"https://codeload.github.com/bootique/bootique-aws/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bootique%2Fbootique-aws/sbom","scorecard":{"id":248038,"data":{"date":"2025-08-11","repo":{"name":"github.com/bootique/bootique-aws","commit":"a83f5f9ca6e6f635a04d07ae504f4b93b64a269d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 1/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":4,"reason":"5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/maven.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/bootique/bootique-aws/maven.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/maven.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/bootique/bootique-aws/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/bootique/bootique-aws/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/bootique/bootique-aws/maven.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/bootique/bootique-aws/maven.yml/master?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/maven.yml:29"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 1 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T07:57:24.872Z","repository_id":57731505,"created_at":"2025-08-17T07:57:24.872Z","updated_at":"2025-08-17T07:57:24.872Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274893250,"owners_count":25369278,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-12T02:00:09.324Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-09T17:18:13.207Z","updated_at":"2025-09-12T23:32:36.598Z","avatar_url":"https://github.com/bootique.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!--\n  Licensed to ObjectStyle LLC under one\n  or more contributor license agreements.  See the NOTICE file\n  distributed with this work for additional information\n  regarding copyright ownership.  The ObjectStyle LLC licenses\n  this file to you under the Apache License, Version 2.0 (the\n  \"License\"); you may not use this file except in compliance\n  with the License.  You may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\n  Unless required by applicable law or agreed to in writing,\n  software distributed under the License is distributed on an\n  \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n  KIND, either express or implied.  See the License for the\n  specific language governing permissions and limitations\n  under the License.\n  --\u003e\n\n[![build test deploy](https://github.com/bootique/bootique-aws/actions/workflows/maven.yml/badge.svg)](https://github.com/bootique/bootique-aws/actions/workflows/maven.yml)\n[![Maven Central](https://img.shields.io/maven-central/v/io.bootique.aws/bootique-aws.svg?colorB=brightgreen)](https://search.maven.org/artifact/io.bootique.aws/bootique-aws)\n\n# Bootique AWS\n\nHelps to build Bootique apps that interact with AWS services and/or are deployed in the AWS environment (such as AWS \nJava Lambdas). Integrates [Amazon Java SDK 2.x](https://aws.amazon.com/sdk-for-java/) libraries with Bootique and allows \nto seamlessly merge data from AWS Secrets Manager into Bootique app configuration.\n\n## Quick FAQ\n### What AWS SDK Version does Bootique support?\nBootique 2 supports AWS SDK `1.x`. Bootique 3 supports `2.x`. `1.x` is still available but is deprecated since Bootioque 3.0, doesn't have many new features, and will be removed in the future versions.\n\n### I already have an app using Bootique with AWS SDK 1.x. How do I upgrade?\nThe main challenge would be to upgrade the use of AWS API, which is significantly different. You can start by reading\n[AWS Docs on this subject](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/migration.html). On Bootique\nside there are some differences in configuration and in what objects you inject. They are all [documented here](https://github.com/bootique/bootique-aws/issues/10).\n\n### What if I need to work with XYZ AWS service, and there is no module for it?\nIf Bootique doesn't yet provide a module for your favorite AWS service, you should still use `bootique-aws2` to configure\nservice credentials. And you can easily write your own integration module. Refer to `bootique-aws2-s3` source code for \na good example. Also, you can ping us via GitHub or the forum, and we may add your integration to Bootique.\n\n## Getting Started\n\nTo be able to call any AWS services, an app will need to be provided with a set of AWS credentials and a default region. \nThis can be done either via a Bootique config or one of the standard AWS client library strategies. Let's look at the \nfirst option - Bootique config. Start by importing `bootique-aws2` dependency:\n```xml\n\u003cdependency\u003e\n\t\u003cgroupId\u003eio.bootique.aws\u003c/groupId\u003e\n\t\u003cartifactId\u003ebootique-aws2\u003c/artifactId\u003e\n\u003c/dependency\u003e\n```\nGenerate access credentials in the AWS console, and configure the app similar to this:\n```yaml\naws:\n  credentials: \n    accessKey: AKINXC5IHNPO255OW4EW\n    secretKey: N8RX3nvEjlOfB3Fmp+KPVAV+4wbLSQCUL9+tkEA+\n    # Used for \"temporary\" credentials\n    # sessionToken: ....\n  defaultRegion: us-east-2\n```\nTo use a specific AWS service, you will need to import a corresponding module, that will create an injectable\nclient singleton for such service and will automatically use the credentials above. E.g. for S3 this might look like\nthis:\n```xml\n\u003cdependency\u003e\n\t\u003cgroupId\u003eio.bootique.aws\u003c/groupId\u003e\n\t\u003cartifactId\u003ebootique-aws2-s3\u003c/artifactId\u003e\n\u003c/dependency\u003e\n```\n\n```java\n@Inject\nprivate S3ClientFactory s3ClientFactory\n```\n\nBootique configuration support explicit credentials (including a \"temporary\" variety), and reading configuration\nprofiles. At the same time, AWS library has its own \n[credential provider chain](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials.html) that \nattempts to load credentials in turn from various sources (env vars, system properties, profile files, etc.). It is \ndisabled by default in Bootique to avoid unexpected interactions between the app and the environment. But it can be \nturned on either all at once:\n```java\n// turn on the entire default provider chain\nAwsModule.extend(binder).addAwsCredentialsProviderChain();\n```\nor piecemeal:\n\n```java\n// turn on one or more credential providers individually\nAwsModule.extend(binder)\n        .addEnvCredentialsProvider(1)\n        .addProfileCredentialsProvider(2);\n```\nNote that Bootique configuration will still take precedence over these providers, and only if the configuration is\nabsent, the providers would be invoked.\n\n## AWS EC2 and ECS\n\nYou don't need an explicit `accessKey` / `secretKey` configuration when running on EC2 or ECS, as these environments \nprovide a built-in metadata service to look up credentials. To enable no-config deployment in EC2, add the \nfollowing credentials provider:\n```java\nAwsModule.extend(binder).addContainerCredentialsProvider();\n```\n\nand for ECS use this:\n```java\nAwsModule.extend(binder).addContainerCredentialsProvider();\n```\n\n## AWS Lambdas\n\nMinimal footprint and quick startup time of Bootique makes it a perfect technology for writing \n[AWS Lambdas in Java](https://docs.aws.amazon.com/lambda/latest/dg/lambda-java.html). Instead of a \"main\" class in a \nnormal app, you would implement a Lambda \"handler\" with Bootique runtime included in it:\n```java\npublic class MyHandler implements RequestHandler\u003cObject, String\u003e {\n\n    private static BQRuntime runtime = Bootique.app()\n            .autoLoadModules()\n            .createRuntime();\n\n    @Override\n    public String handleRequest(Object o, Context context) {\n        // do something\n    }\n}\n```\nThe main difference with a standalone app is that there's no CLI, and you only \"create\" a BQRuntime, but do not\n\"run\" a command. You'd usually make the `runtime` static to speed up responses from warmed-up lambda instances.\nWithin the `handle*` method you'd obtain Bootique objects by calling `runtime.getInstance(MyType.class)` instead of\ninjection. Otherwise, all the Bootique APIs and practices should work unchanged.\n\nSince Lambda environment already includes credentials to access the rest of AWS as shell variables, you don't need an\nexplicit `accessKey` / `secretKey` configuration. Instead, add an extra line to add a Lambda-friendly credentials \nprovider:\n```java\nAwsModule.extend(b).addLambdaCredentialsProvider());\n```\n\n## AWS Secret Manager as a Source of App Configuration\n\nOften parts of the app configuration (especially various passwords) are stored as \"secrets\" in the \n[AWS Secrets Manager](https://aws.amazon.com/secrets-manager/). WHen you query a Secrets Manager, secrets are returned \nas simple JSON objects. Bootique provides a way to load and merge them into the main app configuration tree. To work \nwith the Secrets Manager you will need the following dependency:\n\n```xml\n\u003cdependency\u003e\n\t\u003cgroupId\u003eio.bootique.aws\u003c/groupId\u003e\n\t\u003cartifactId\u003ebootique-aws2-secrets\u003c/artifactId\u003e\n\u003c/dependency\u003e\n```\nAnd then you'd list any secrets that should be included in the app configuration:\n```yaml\nawssecrets:\n  secrets:\n    secret1:\n      awsName: \"mysecret\" # Either a human-readable AWS name of a secret or an AWS ARN\n      mergePath: \"myapp.subconfig\" # Where in a config tree to place the loaded secret\n      jsonTransformer: \"mytransformer\" # Optional. \n         # A symbolic name of a class implementing AwsJsonTransformer that would \n         # transform the secret's JSON into a form compatible with the app config.\n```\nIf secret field names match exactly your target configuration properties, you won't need a transformer. Otherwise, \nwrite a class implementing `AwsJsonTransformer` and register it like this:\n```java\nAwsSecretsModule.extend(binder).addTransformer(\"mytransformer\", MyTransformer.class);\n```\nBootique strives to provide built-in transformers for the known secret formats. Here is an example showing how to \nload a standard RDS connection secret (that has a predefined format) and transform it to a `bootique-jdbc` Hikari \nDataSource configuration:\n\n```yaml\nawssecrets:\n  secrets:\n    secret1: \n      awsName: \"myRDSSecret\"\n      mergePath: \"jdbc.mydb\"\n      jsonTransformer: \"rds-to-hikari-datasource\" # This transformer is provided by \n          # Bootique out of the box and will transform a standard RDS connection secret\n          # into a Hikari config with \"jdbcUrl\", \"username\" and \"password\" keys.\n```\n\n## Custom Endpoints and Testing\n\nTODO\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbootique%2Fbootique-aws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbootique%2Fbootique-aws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbootique%2Fbootique-aws/lists"}