Merge branch 'awspring:main' into introduce-native-support

README.md

@@ -6,11 +6,11 @@ Simplifies using AWS managed services in a Spring and Spring Boot applications.
 
 For a deep dive into the project, refer to the Spring Cloud AWS documentation:
 
-| Version                    | Reference Docs                                                                                       | API Docs                                                                                |
-|----------------------------|------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|
-| Spring Cloud AWS 3.0.0-RC1 | [Reference Docs](https://docs.awspring.io/spring-cloud-aws/docs/3.0.0-RC1/reference/html/index.html) | [API Docs](https://docs.awspring.io/spring-cloud-aws/docs/3.0.0-RC1/apidocs/index.html) | 
-| Spring Cloud AWS 2.4.4     | [Reference Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.4.4/reference/html/index.html)     | [API Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.4.4/apidocs/index.html)     | 
-| Spring Cloud AWS 2.3.5     | [Reference Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.3.5/reference/html/index.html)     | [API Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.3.5/apidocs/index.html)     |
+| Version                | Reference Docs                                                                                   | API Docs                                                                            |
+|------------------------|--------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------|
+| Spring Cloud AWS 3.0.1 | [Reference Docs](https://docs.awspring.io/spring-cloud-aws/docs/3.0.1/reference/html/index.html) | [API Docs](https://docs.awspring.io/spring-cloud-aws/docs/3.0.1/apidocs/index.html) | 
+| Spring Cloud AWS 2.4.4 | [Reference Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.4.4/reference/html/index.html) | [API Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.4.4/apidocs/index.html) | 
+| Spring Cloud AWS 2.3.5 | [Reference Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.3.5/reference/html/index.html) | [API Docs](https://docs.awspring.io/spring-cloud-aws/docs/2.3.5/apidocs/index.html) |
 
 ## Sponsors
 
@@ -22,11 +22,11 @@ Big thanks to [Localstack](https://localstack.cloud) for providing PRO licenses
 
 This project has dependency and transitive dependencies on Spring Projects. The table below outlines the versions of Spring Cloud, Spring Boot and Spring Framework versions that are compatible with certain Spring Cloud AWS version.
 
-| Spring Cloud AWS          | Spring Cloud                                                                                                          | Spring Boot  | Spring Framework | AWS Java SDK |
-|---------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------|------------------|--------------|
-| 2.3.x (maintenance mode)  | [2020.0.x](https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2020.0-Release-Notes) (3.0/Illford) | 2.4.x, 2.5.x | 5.3.x            | 1.x          |
-| 2.4.x (maintenance mode)  | [2021.0.x](https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2021.0-Release-Notes) (3.1/Jubilee) | 2.6.x, 2.7.x | 5.3.x            | 1.x          |
-| 3.0.x (under development) | [2022.0.x](https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2022.0-Release-Notes) (4.0/Kilburn) | 3.0.x        | 6.0.x            | 2.x          |
+| Spring Cloud AWS             | Spring Cloud                                                                                                          | Spring Boot  | Spring Framework | AWS Java SDK |
+|------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------|------------------|--------------|
+| 2.3.x (maintenance mode)  	| [2020.0.x](https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2020.0-Release-Notes) (3.0/Illford) | 2.4.x, 2.5.x | 5.3.x            | 1.x          |
+| 2.4.x (maintenance mode)  	| [2021.0.x](https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2021.0-Release-Notes) (3.1/Jubilee) | 2.6.x, 2.7.x | 5.3.x            | 1.x          |
+| 3.0.x                        | [2022.0.x](https://github.com/spring-cloud/spring-cloud-release/wiki/Spring-Cloud-2022.0-Release-Notes) (4.0/Kilburn) | 3.0.x        | 6.0.x            | 2.x          |
 
 **Note**: 3.0.0-M2 is the last version compatible with Spring Boot 2.7.x and Spring Cloud 3.1. Starting from 3.0.0-M3, project has switched to Spring Boot 3.0.
 
@@ -54,9 +54,6 @@ Note, that Spring provides support for other AWS services in following projects:
 - [Spring Cloud Config Server](https://github.com/spring-cloud/spring-cloud-config) supports AWS Parameter Store and Secrets Manager
 - [Spring Integration for AWS](https://github.com/spring-projects/spring-integration-aws)
 
-## Current Efforts
-
-We are working on Spring Cloud AWS 3.0 - a major release that includes moving to AWS SDK v2 and re-thinking most of the integrations.
 
 ## Checking out and building
 

docs/pom.xml

@@ -6,7 +6,7 @@
 	<parent>
 		<groupId>io.awspring.cloud</groupId>
 		<artifactId>spring-cloud-aws</artifactId>
-		<version>3.0.0-SNAPSHOT</version>
+		<version>3.0.2-SNAPSHOT</version>
 	</parent>
 	<artifactId>spring-cloud-aws-docs</artifactId>
 	<packaging>pom</packaging>

docs/src/main/asciidoc/_configprops.adoc

@@ -7,6 +7,10 @@
 |spring.cloud.aws.credentials.instance-profile | `+++false+++` | Configures an instance profile credentials provider with no further configuration.
 |spring.cloud.aws.credentials.profile |  | The AWS profile.
 |spring.cloud.aws.credentials.secret-key |  | The secret key to be used with a static provider.
+|spring.cloud.aws.credentials.sts.async-credentials-update |  | 
+|spring.cloud.aws.credentials.sts.role-arn |  | ARN of IAM role associated with STS. If not provided this will be read from {@link software.amazon.awssdk.core.SdkSystemSetting}.
+|spring.cloud.aws.credentials.sts.role-session-name |  | Role session name that will be used by credentials provider. By default this is read from {@link software.amazon.awssdk.core.SdkSystemSetting}.
+|spring.cloud.aws.credentials.sts.web-identity-token-file |  | Absolute path to the web identity token file that will be used by credentials provider. By default this will be read from {@link software.amazon.awssdk.core.SdkSystemSetting}.
 |spring.cloud.aws.defaults-mode |  | Sets the {@link DefaultsMode} that will be used to determine how certain default configuration options are resolved in the SDK. <a href= "https://aws.amazon.com/blogs/developer/introducing-smart-configuration-defaults-in-the-aws-sdk-for-java-v2/">Introducing Smart Configuration Defaults in the AWS SDK for Java v2</a>
 |spring.cloud.aws.dualstack-enabled |  | Configure whether the SDK should use the AWS dualstack endpoint.
 |spring.cloud.aws.dynamodb.dax.cluster-update-interval-millis |  | Interval between polling of cluster members for membership changes.

docs/src/main/asciidoc/cloudwatch.adoc

@@ -10,7 +10,7 @@ To send metrics to CloudWatch add a dependency to `micrometer-registry-cloudwatc
 </dependency>
 ----
 
-Additionally, CloudWatch integration requires a value provided for `management.metrics.export.cloudwatch.namespace` configuration property.
+Additionally, CloudWatch integration requires a value provided for `management.cloudwatch.metrics.export.namespace` configuration property.
 
 Following configuration properties are available to configure CloudWatch integration:
 
@@ -20,11 +20,11 @@ Following configuration properties are available to configure CloudWatch integra
 |default
 |description
 
-|management.metrics.export.cloudwatch.namespace
+|management.cloudwatch.metrics.export.namespace
 |
 |The namespace which will be used when sending metrics to CloudWatch. This property is needed and must not be null.
 
-|management.metrics.export.cloudwatch.step
+|management.cloudwatch.metrics.export.step
 |1m
 |The interval at which metrics are sent to CloudWatch. The default is 1 minute.
 

docs/src/main/asciidoc/core.adoc

@@ -26,6 +26,21 @@ public interface AwsCredentialsProvider {
 }
 ----
 
+There are 3 ways in which the `AwsCredentialsProvider` in Spring Cloud AWS can be configured:
+
+1. `DefaultCredentialsProvider`
+2. `StsWebIdentityTokenFileCredentialsProvider` - recommended for EKS
+3. Custom `AwsCredentialsProvider`
+
+If you are having problems with configuring credentials, consider enabling debug logging for more info:
+
+[source,properties]
+----
+logging.level.io.awspring.cloud=debug
+----
+
+==== DefaultCredentialsProvider
+
 By default, Spring Cloud AWS starter auto-configures a `DefaultCredentialsProvider`, which looks for AWS credentials in this order:
 
 1. Java System Properties - `aws.accessKeyId` and `aws.secretAccessKey`
@@ -61,9 +76,46 @@ If it does not serve your project needs, this behavior can be changed by setting
 
 |spring.cloud.aws.credentials.profile.path
 |`~/.aws/credentials`
-|The file path where the profile configuration file is located. Defaults to `~/.aws/credentials` if value is not provided
+|The file path where the profile configuration file is located. Defaults to `~/.aws/credentials` if a value is not provided
 |===
 
+==== StsWebIdentityTokenFileCredentialsProvider
+
+The `StsWebIdentityTokenFileCredentialsProvider` allows your application to assume an AWS IAM Role using a web identity token file, which is especially useful in Kubernetes and AWS EKS environments.
+
+===== Prerequisites
+1. Create a role that you want to assume.
+2. Create a web identity token file for your application.
+
+In EKS, please follow this guide to set up service accounts https://docs.aws.amazon.com/eks/latest/userguide/pod-configuration.html
+
+The `StsWebIdentityTokenFileCredentialsProvider` support is optional, so you need to include the following Maven dependency:
+[source,xml,indent=0]
+----
+<dependency>
+	<groupId>software.amazon.awssdk</groupId>
+	<artifactId>sts</artifactId>
+</dependency>
+----
+
+
+===== Configuring
+In EKS no additional configuration is required as the service account already configures the correct environment variables; however, they can be overridden.
+
+STS credentials configuration supports following properties:
+
+[cols="2,3,1,1"]
+|===
+| Name | Description | Required | Default value
+| `spring.cloud.aws.credentials.sts.role-arn` | ARN of IAM role associated with STS. | No | `null` (falls back to SDK default)
+| `spring.cloud.aws.credentials.sts.web-identity-token-file` | Absolute path to the web identity token file that will be used by credentials provider. | No | `null` (falls back to SDK default)
+| `spring.cloud.aws.credentials.sts.is-async-credentials-update` | Enables provider to asynchronously fetch credentials in the background. | No | `false`
+| `spring.cloud.aws.credentials.sts.role-session-name` | Role session name that will be used by credentials provider. | No | `null` (falls back to SDK default)
+|===
+
+
+==== Custom AwsCredentialsProvider
+
 It is also possible to configure custom `AwsCredentialsProvider` bean which will prevent Spring Cloud AWS from auto-configuring credentials provider:
 
 [source,java,indent=0]

docs/src/main/asciidoc/migration.adoc

@@ -26,6 +26,9 @@ Properties that have changed from 2.x to 3.x are listed below:
 
 |`aws.secretsmanager.region`
 |`spring.cloud.aws.secretsmanager.region`
+
+|`management.metrics.export.cloudwatch.*`
+|`management.cloudwatch.metrics.export.*`
 |===
 
 Properties that have been removed in 3.x are listed below:

docs/src/main/asciidoc/ses.adoc

@@ -55,19 +55,22 @@ class MailSendingService {
 ----
 
 
-=== Sending attachments
+=== Sending attachments and/or HTML e-mails
 
-Sending attachments with e-mail requires MIME messages to be created and sent. In order to create MIME messages,
-the Java Mail dependency is required and has to be included in the classpath. Spring Cloud AWS will detect the
+Sending attachments with e-mail or HTML e-mails requires MIME messages to be created and sent. In order to create MIME messages,
+the Java Mail API dependency and an implementation need to be in the classpath. Spring Cloud AWS will detect the
 dependency and create a `org.springframework.mail.javamail.JavaMailSender` implementation that allows to create and
-build MIME messages and send them. A dependency configuration for the Java Mail API is the only change in the configuration
-which is shown below.
+build MIME messages and send them. Dependencies for the Java Mail API and an implementation are the only needed configuration changes as shown below.
 
 [source,xml,indent=0]
 ----
 <dependency>
-	<groupId>javax.mail</groupId>
-	<artifactId>mailapi</artifactId>
+	<groupId>jakarta.mail</groupId>
+	<artifactId>jakarta.mail-api</artifactId>
+</dependency>
+<dependency>
+	<groupId>org.eclipse.angus</groupId>
+	<artifactId>jakarta.mail</artifactId>
 </dependency>
 ----
 

docs/src/main/asciidoc/sqs.adoc

@@ -246,7 +246,8 @@ SendResult<String> result = template.send(to -> to.queue("myQueue")
 ```
 
 NOTE: To send messages to a Fifo queue, the options include `messageDeduplicationId` and `messageGroupId` properties.
-If either values are not provided, a random UUID is generated.
+If `messageGroupId` is not provided, a random UUID is generated by the framework.
+If `messageDeduplicationId` is not provided and content deduplication is disabled on AWS, a random UUID is generated.
 The generated values can be retrieved in the headers of the `Message` contained in the `SendResult` object.
 
 
@@ -802,6 +803,13 @@ See AWS documentation for more information.
 After that period, the framework will try to perform a partial acquire with the available permits, resulting in a poll for less than `maxMessagesPerPoll` messages, unless otherwise configured.
 See <<Message Processing Throughput>>.
 
+|`autoStartup`
+|true, false
+|true
+|Determines wherever container should start automatically. When set to false the
+container will not launch on startup, requiring manual intervention to start it.
+See <<Container Lifecycle>>.
+
 |`listenerShutdownTimeout`
 |0 - undefined
 |10 seconds
@@ -926,6 +934,8 @@ The `MessageListenerContainer` interface extends `SmartLifecycle`, which provide
 Containers created from `@SqsListener` annotations are registered in a `MessageListenerContainerRegistry` bean that is registered by the framework.
 The containers themselves are not Spring-managed beans, and the registry is responsible for managing these containers` lifecycle in application startup and shutdown.
 
+NOTE: The `DefaultListenerContainerRegistry ` implementation provided by the framework allows the phase value to be set through the `setPhase` method. The default value is `MessageListenerContainer.DEFAULT_PHASE`.
+
 At startup, the containers will make requests to `SQS` to retrieve the queues` urls for the provided queue names or ARNs, and for retrieving `QueueAttributes` if so configured.
 Providing queue urls instead of names and not requesting queue attributes can result in slightly better startup times since there's no need for such requests.
 
@@ -954,6 +964,8 @@ MessageListenerContainer<Object> listenerContainer(SqsAsyncClient sqsAsyncClient
 }
 ----
 
+NOTE: The `SqsMessageListenerContainer.builder()` allows to specify the `SmartLifecycle.phase`, to override the default value defined in `MessageListenerContainer.DEFAULT_PHASE`
+
 ===== Retrieving Containers from the Registry
 
 Containers can be retrieved by fetching the `MessageListenerContainer` bean from the container and using the `getListenerContainers` and `getContainerById` methods.

pom.xml

@@ -12,7 +12,7 @@
 
 	<groupId>io.awspring.cloud</groupId>
 	<artifactId>spring-cloud-aws</artifactId>
-	<version>3.0.0-SNAPSHOT</version>
+	<version>3.0.2-SNAPSHOT</version>
 	<packaging>pom</packaging>
 	<name>Spring Cloud AWS</name>
 

spring-cloud-aws-autoconfigure/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<groupId>io.awspring.cloud</groupId>
 		<artifactId>spring-cloud-aws</artifactId>
-		<version>3.0.0-SNAPSHOT</version>
+		<version>3.0.2-SNAPSHOT</version>
 	</parent>
 
 	<artifactId>spring-cloud-aws-autoconfigure</artifactId>
@@ -146,6 +146,11 @@
 			<artifactId>spring-boot-starter-aop</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>software.amazon.awssdk</groupId>
+			<artifactId>sts</artifactId>
+			<optional>true</optional>
+		</dependency>
 
 	</dependencies>
 </project>

spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/config/AbstractAwsConfigDataLocationResolver.java

@@ -15,10 +15,11 @@
  */
 package io.awspring.cloud.autoconfigure.config;
 
+import static io.awspring.cloud.autoconfigure.core.CredentialsProviderAutoConfiguration.createCredentialsProvider;
+
 import io.awspring.cloud.autoconfigure.AwsClientProperties;
 import io.awspring.cloud.autoconfigure.core.AwsProperties;
 import io.awspring.cloud.autoconfigure.core.CredentialsProperties;
-import io.awspring.cloud.autoconfigure.core.CredentialsProviderAutoConfiguration;
 import io.awspring.cloud.autoconfigure.core.RegionProperties;
 import io.awspring.cloud.autoconfigure.core.RegionProviderAutoConfiguration;
 import io.awspring.cloud.core.SpringCloudClientConfiguration;
@@ -48,6 +49,7 @@
  *
  * @param <T> - the location type
  * @author Maciej Walkowiak
+ * @author Eduan Bekker
  * @since 3.0
  */
 public abstract class AbstractAwsConfigDataLocationResolver<T extends ConfigDataResource>
@@ -116,24 +118,25 @@ protected List<String> getCustomContexts(String keys) {
 
 	protected <T extends AwsClientBuilder<?, ?>> T configure(T builder, AwsClientProperties properties,
 			BootstrapContext context) {
-		AwsCredentialsProvider credentialsProvider;
+
+		AwsRegionProvider regionProvider;
 
 		try {
-			credentialsProvider = context.get(AwsCredentialsProvider.class);
+			regionProvider = context.get(AwsRegionProvider.class);
 		}
 		catch (IllegalStateException e) {
-			CredentialsProperties credentialsProperties = context.get(CredentialsProperties.class);
-			credentialsProvider = CredentialsProviderAutoConfiguration.createCredentialsProvider(credentialsProperties);
+			RegionProperties regionProperties = context.get(RegionProperties.class);
+			regionProvider = RegionProviderAutoConfiguration.createRegionProvider(regionProperties);
 		}
 
-		AwsRegionProvider regionProvider;
+		AwsCredentialsProvider credentialsProvider;
 
 		try {
-			regionProvider = context.get(AwsRegionProvider.class);
+			credentialsProvider = context.get(AwsCredentialsProvider.class);
 		}
 		catch (IllegalStateException e) {
-			RegionProperties regionProperties = context.get(RegionProperties.class);
-			regionProvider = RegionProviderAutoConfiguration.createRegionProvider(regionProperties);
+			CredentialsProperties credentialsProperties = context.get(CredentialsProperties.class);
+			credentialsProvider = createCredentialsProvider(credentialsProperties, regionProvider);
 		}
 
 		AwsProperties awsProperties = context.get(AwsProperties.class);

spring-cloud-aws-autoconfigure/src/main/java/io/awspring/cloud/autoconfigure/config/reload/ConfigurationChangeDetector.java

@@ -16,6 +16,7 @@
 package io.awspring.cloud.autoconfigure.config.reload;
 
 import io.awspring.cloud.core.config.AwsPropertySource;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
 import java.util.stream.Collectors;
@@ -68,6 +69,13 @@ protected boolean changed(EnumerablePropertySource<?> left, EnumerablePropertySo
 		if (left == right) {
 			return false;
 		}
+
+		// check if a new property is added
+		if (!Arrays.equals(left.getPropertyNames(), right.getPropertyNames())) {
+			return true;
+		}
+
+		// check if a value of existing property changed
 		for (String property : left.getPropertyNames()) {
 			if (!Objects.equals(left.getProperty(property), right.getProperty(property))) {
 				return true;