Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/davidmoten/aws-maven-plugin
Deploys resources to AWS using maven
https://github.com/davidmoten/aws-maven-plugin
aws aws-beanstalk aws-cloudformation aws-lambda aws-s3 beanstalk cloudformation lambda maven-plugin s3-bucket
Last synced: 4 months ago
JSON representation
Deploys resources to AWS using maven
- Host: GitHub
- URL: https://github.com/davidmoten/aws-maven-plugin
- Owner: davidmoten
- License: apache-2.0
- Created: 2016-01-21T08:41:45.000Z (about 9 years ago)
- Default Branch: master
- Last Pushed: 2024-09-19T12:51:14.000Z (5 months ago)
- Last Synced: 2024-10-14T07:45:31.917Z (4 months ago)
- Topics: aws, aws-beanstalk, aws-cloudformation, aws-lambda, aws-s3, beanstalk, cloudformation, lambda, maven-plugin, s3-bucket
- Language: Java
- Homepage:
- Size: 209 KB
- Stars: 27
- Watchers: 2
- Forks: 10
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
aws-maven-plugin
-----------------
[](https://maven-badges.herokuapp.com/maven-central/com.github.davidmoten/aws-maven-plugin)
* Deploy a zipped artifact (zip or war for instance) to an environment on AWS Elastic Beanstalk
* Deploy a zipped artifact (zip or jar for instance) to a function on AWS Lambda
* Deploy a directory to an S3 bucket giving all users read permissions (designed for public S3-hosted websites)
* Create/Update a stack on CloudFormation
* Deploy an API Gateway Rest API (CloudFormation does not deploy an api to a stage)
* Remove instance security group rules pertaining to particular ports on a Beanstalk deployment (exists because of known inadequacies in cloudformation and default security group creation)
* Supports java 7+
* Supports proxy
Status: *released to Maven Central*
[Maven reports](http://davidmoten.github.io/aws-maven-plugin/index.html)
## How to use
### Authentication
You must provide credentials in order to make requests to AWS services. You can either specify the
credentials in the plugin configuration or rely on the default credential provider chain, which
attemps to find the credentials in different sources. The followin order is used to find the AWS
credentials:
1. If `serverId` is specified, the plugin checks the Maven server authentication profile. In that
case your `~/.m2/settings.xml` has to include AWS access keys. In the `servers` tag, add a
child `server` tag with an `id` with the `serverId` you specified earlier in the plugin
configuration. Use `username` and `password` to define your AWS access and AWS secret access
keys respectively:
```xml
mycompany.aws
AWS_ACCESS_KEY_HERE
AWS_SECRET_ACCESS_KEY_HERE
```
Only the password field (secret access key) in the `server` element can be encrypted (as per `mvn -ep`).
2. Plugin configuration – `awsAccessKey` and `awsSecretAccessKey` parameters.
3. Default AWS credential provider chain:
1. Environment variables – `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
2. Java system properties – `aws.accessKeyId` and `aws.secretKey`.
3. The default credential profiles file, that is usually located at `~/.aws/credentials`
4. Amazon ECS container credentials.
5. Instance profile credentials.
6. Web Identity Token credentials from the environment or container.
### Deploy to Beanstalk
Add this to the `` section of your pom.xml:
```xml
com.github.davidmoten
aws-maven-plugin
[LATEST_VERSION]
aws
${env.YOUR_AWS_ACCESS_KEY}
${env.YOUR_AWS_SECRET_ACCESS_KEY}
ap-southeast-2
${project.build.directory}/my-artifact.war
my-application-name
my-environment-name
my-artifact-${maven.build.timestamp}.war
proxy.me.com
8080
user
pass
```
Notes:
* If you don't access AWS via an https proxy then leave those configuration settings out.
* You can also specify a `` in configuration if you want. If you don't it is automatically generated for you using the application name and a timestamp.
To deploy a war and get it running on Beanstalk:
```bash
export AWS_ACCESS_KEY=
export AWS_SECRET_ACCESS_KEY=
mvn package aws:deploy
```
The user represented by the AWS access key must have put permission on S3 and full access permission on ElasticBeanstalk.
### Deploy to Lambda
Add this to the `` section of your pom.xml:
```xml
com.github.davidmoten
aws-maven-plugin
[LATEST_VERSION]
aws
${env.YOUR_AWS_ACCESS_KEY}
${env.YOUR_AWS_SECRET_ACCESS_KEY}
ap-southeast-2
${project.build.directory}/my-artifact.war
myFunction
${project.version}-${maven.build.timestamp}
proxy.mycompany
8080
user
pass
```
Notes:
* If you don't access AWS via an https proxy then leave those configuration settings out.
* Adding `AWSLambdaFullAccess` managed policy to your user in IAM doesn't give you the ability to call `UpdateFunctionCode`. To fix this add an inline policy as below:
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1464440182000",
"Effect": "Allow",
"Action": [
"lambda:InvokeAsync",
"lambda:InvokeFunction",
"lambda:UpdateFunctionCode"
],
"Resource": [
"*"
]
}
]
}
```
To deploy a jar and get it running on Lambda:
```bash
export AWS_ACCESS_KEY=
export AWS_SECRET_ACCESS_KEY=
mvn package aws:deployLambda
```
### Deploy directory to S3
* deploys a directory to a path in an S3 bucket
* all uploaded files are given public read permissions (can configure this off)
* designed for upload of public websites
Add this to the `` section of your pom.xml:
```xml
com.github.davidmoten
aws-maven-plugin
[LATEST_VERSION]
aws
${env.YOUR_AWS_ACCESS_KEY}
${env.YOUR_AWS_SECRET_ACCESS_KEY}
ap-southeast-2
src/main/webapp
false
the_bucket
proxy.mycompany
8080
user
pass
```
Notes:
* If you don't access AWS via an https proxy then leave those configuration settings out.
```bash
export AWS_ACCESS_KEY=
export AWS_SECRET_ACCESS_KEY=
mvn package aws:deployS3
```
### Create/Update CloudfFormation stack
To create or update a stack in CloudFormation (bulk create/modify resources in AWS using a declarative definition) specify the name of the stack, the template and its parameters to the plugin as below.
```xml
com.github.davidmoten
aws-maven-plugin
[LATEST_VERSION]
aws
${env.YOUR_AWS_ACCESS_KEY}
${env.YOUR_AWS_SECRET_ACCESS_KEY}
ap-southeast-2
myStack
src/main/aws/cloudformation.yaml
dev
6.01
2
proxy.mycompany
8080
user
pass
```
and call
```bash
mvn package aws:deployCf
```
### Deploy an API Gateway API to a Stage
Use the `deployRestApi` goal:
```xml
com.github.davidmoten
aws-maven-plugin
[LATEST_VERSION]
aws
${env.YOUR_AWS_ACCESS_KEY}
${env.YOUR_AWS_SECRET_ACCESS_KEY}
ap-southeast-2
my-gateway
dev
proxy.mycompany
8080
user
pass
```
and call
```bash
mvn package aws:deployRestApi
```
### Remove instance security group rules for particular ports on a Beanstalk deployment
Use the `removePorts` goal:
```xml
com.github.davidmoten
aws-maven-plugin
[LATEST_VERSION]
aws
YOUR_AWS_ACCESS_KEY
YOUR_AWS_SECRET_ACCESS_KEY
ap-southeast-2
80
proxy.mycompany
8080
user
pass
```
and call
```bash
mvn package aws:removePorts
```
Output from a sample run:
```
[INFO] getting instance ids for environment blah-blah
[INFO] getting security group ids for instance ids [i-017071d415b837a6f]
[INFO] getting security group rules for security group ids [sg-081ae8c0d524d1a99]
[INFO] revoking security group rules {sg-081ae8c0d524d1a99=[sgr-0eb6bfef7cb762f86]}
[INFO] revoked=true for groupId=sg-081ae8c0d524d1a99, ruleIds=[sgr-0eb6bfef7cb762f86]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.357 s
[INFO] Finished at: 2022-06-22T15:59:59+10:00
[INFO] ------------------------------------------------------------------------
```
Nice and easy! (Let me know if you have any problems!)