[Fix] AWS Credential 시크릿에서 주입받아 배포하도록 수정 (#548) #549
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
There was a problem hiding this comment.
Pull Request Overview
This PR refactors the AWS credential injection mechanism by removing hard-coded credentials from the configuration and instead relying on environment variables provided via a dynamically generated .env file during deployment.
- Removed explicit AWS credentials injection from AwsConfig.java, now using the SDK’s default credential provider chain.
- Updated the deployment workflow to generate a .env file with AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/main/java/org/sopt/app/common/config/AwsConfig.java | Removed explicit credential injection to enable default AWS SDK behavior. |
| .github/workflows/app-cd-dev.yml | Modified deployment script to generate a .env file with AWS credentials. |
Comments suppressed due to low confidence (2)
src/main/java/org/sopt/app/common/config/AwsConfig.java:16
- Confirm that the AWS SDK's default credential provider chain correctly locates credentials from the dynamically generated .env file during deployment to avoid runtime errors.
return AmazonS3ClientBuilder.standard().withRegion(region).build();
.github/workflows/app-cd-dev.yml:96
- Ensure that the .env file is created in the correct directory where the application expects it, so that the AWS SDK can automatically load the credentials.
echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_ID }}" > .env
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Related issue 🛠
Work Description ✏️
Situation
AWS Credential을 yml에서 주입하여 설정하는 기존 방식을 사용하고 있던 것을 발견했어요.
S3 관련 Access Denied 이슈를 발견하고, 수정하려고 하는데 액세스 키 값이 Github Secret과 yml에 둘 다 설정되어있고 둘의 일치 여부를 확인할 수 없어 디버깅이 어려웠어요.
Action
이에, docker-compose로 배포 시에
.env파일을 생성하고, 환경 변수를 Github Secret에서 동적으로 CD에서 주입한 뒤 AWS SDK가 기본 자격 증명 공급자 체인 (Default Credential Provider Chain)을 사용하도록 했어요.작업 내용은 다음과 같아요.
@Value로 yml 값을 주입받던 코드 삭제.env파일을 동적으로 생성하고, AWS SDK가 자동으로 감지하도록 배포 스크립트 수정- name: Docker Container Run uses: appleboy/ssh-action@master with: username: ec2-user host: ${{ secrets.DEV_SERVER_IP }} key: ${{ secrets.DEV_PEM_KEY }} script: | cd ~ cd ./app echo "Creating .env file..." echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_ID }}" > .env echo "AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY }}" >> .env sudo chmod +x ./script/*.sh ./script/deploy.sh docker image prune -fTrouble Shooting ⚽️
Related ScreenShot 📷
Uncompleted Tasks 😅
To Reviewers 📢