Use AWS Parameter Store Values for Quarkus Lambda Datasource Credential

1. Introduction

In this example, we are running a Quarkus application as a microservice on top of an AWS Lambda function. If you are wondering how to do that, you can follow this article.

A microservice often needs to access a database. The problem with AWS Lambda is that there is no way to fetch the username/password credentials directly from the AWS Parameter Store (this is not an issue when using a container in ECS).

2. Parameter Store

Make sure to create the following keys:
  • /dev/ct-quarkus-service/DB_USERNAME
  • /dev/ct-quarkus-service/DB_PASSWORD

3. Code Review

3.1 Add a dependency to AWS SSM.


3.2 Create the SSM Client.

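import static java.util.stream.Collectors.toMap;
import java.util.List;
import java.util.Map;
import software.amazon.awssdk.regions.providers.SystemSettingsRegionProvider;
import software.amazon.awssdk.services.ssm.SsmClient;
import software.amazon.awssdk.services.ssm.model.*;

public class SsmProvider {

  // Fetches all requested parameters in a single GetParameters call.
  public Map<String, String> getSecretParams(List<String> paramsNames) {
    final SsmClient ssmClient = SsmClient.builder()
        .region(new SystemSettingsRegionProvider().getRegion())
        .build();

    GetParametersResponse parametersResponse = ssmClient.getParameters(
        GetParametersRequest.builder()
            .names(paramsNames)
            .withDecryption(true) // decrypts SecureString values; ignored for plain String
            .build());

    return parametersResponse.parameters().stream()
        .collect(toMap(Parameter::name, Parameter::value));
  }
}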

3.3 Implement the CredentialsProvider.

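import io.quarkus.arc.Unremovable;
import io.quarkus.credentials.CredentialsProvider;
import jakarta.enterprise.context.ApplicationScoped; // javax.* on Quarkus 2.x
import jakarta.inject.Named;                          // javax.* on Quarkus 2.x
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.eclipse.microprofile.config.inject.ConfigProperty;

@ApplicationScoped
@Unremovable
@Named("ssm-credentials-provider") // must match credentials-provider-name in application.yml
public class SsmCredentialsProvider implements CredentialsProvider {

  // These hold the Parameter Store key names, not the secret values.
  @ConfigProperty(name = "ct.datasource.username")
  String username;

  @ConfigProperty(name = "ct.datasource.password")
  String password;

  @Override
  public Map<String, String> getCredentials(String credentialsProviderName) {
    SsmProvider ssmProvider = new SsmProvider();
    Map<String, String> properties = new HashMap<>();

    List<String> ssmParamsNames = List.of(username, password);
    Map<String, String> secretParams = ssmProvider.getSecretParams(ssmParamsNames);

    properties.put(USER_PROPERTY_NAME, secretParams.get(username));
    properties.put(PASSWORD_PROPERTY_NAME, secretParams.get(password));

    return properties;
  }
}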
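
GetParameters does not fail when a requested name does not exist; it reports the name under invalidParameters, so the provider in 3.3 would pass a null username or password to the datasource. The following is an added example, not code from the original article: a hypothetical helper, SsmParams.requireAll, that fails fast and reports only the key name, never a value. The sample response and the value "app_user" are constructed in memory, so no AWS call is made.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import software.amazon.awssdk.services.ssm.model.GetParametersResponse;
import software.amazon.awssdk.services.ssm.model.Parameter;

// Hypothetical helper (not part of the article's code).
public final class SsmParams {

  private SsmParams() {}

  /** Returns name -> value for every requested name, or throws naming the missing keys. */
  public static Map<String, String> requireAll(List<String> requested,
                                               GetParametersResponse response) {
    // SSM lists unknown names here instead of throwing an exception.
    if (!response.invalidParameters().isEmpty()) {
      throw new IllegalStateException(
          "Missing SSM parameters: " + response.invalidParameters());
    }
    Map<String, String> values = new LinkedHashMap<>();
    for (Parameter p : response.parameters()) {
      values.put(p.name(), p.value());
    }
    for (String name : requested) {
      String value = values.get(name);
      if (value == null || value.isBlank()) {
        // Report the key name only; the value must never reach logs.
        throw new IllegalStateException("SSM parameter is empty or absent: " + name);
      }
    }
    return values;
  }

  public static void main(String[] args) {
    String user = "/dev/ct-quarkus-service/DB_USERNAME";
    String pass = "/dev/ct-quarkus-service/DB_PASSWORD";
    // Constructed response: the password key does not exist in Parameter Store.
    GetParametersResponse response = GetParametersResponse.builder()
        .parameters(Parameter.builder().name(user).value("app_user").build())
        .invalidParameters(pass)
        .build();
    try {
      requireAll(List.of(user, pass), response);
    } catch (IllegalStateException e) {
      System.out.println(e.getMessage());
    }
  }
}
```

In the provider, the call would wrap the response before the map is built, so a misspelled or missing key surfaces at startup instead of as a database authentication failure.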

3.4 Update the application.yml.

quarkus:
  application:
    name: ct-quarkus-service
  datasource:
    credentials-provider: custom
    credentials-provider-name: ssm-credentials-provider
    db-kind: mysql
    jdbc:
      url: xxx

ct:
  datasource:
    username: ${DB_USERNAME:/dev/ct-quarkus-service/DB_USERNAME}
    password: ${DB_PASSWORD:/dev/ct-quarkus-service/DB_PASSWORD}


Anonymous said...

It is now possible for an AWS Lambda to retrieve parameters from AWS Systems Manager Parameter Store and secrets from AWS Secrets Manager.