Spring Cloud Config Secure cloud config

Can we secure cloud config server deployed on AWS ECS with ECS task role so that only spring cloud gateway (deployed on ECS) can access it? If not what are the other mechanisms to protect cloud config server without use of username/password?

Comment From: spencergibb

I have no experience with aws ecs

Comment From: gituserjava

@spencergibb , are there any mechanisms to protect cloud config server without use of username/password?

Comment From: spencergibb

Anything you can do with spring security

Comment From: gituserjava

@spencergibb , we are using Spring Cloud Config with Spring Boot 2.0 and I configured spring security as below. This is not validating the username/password. If I don't password it does say 401, but with incorrect password also it is working.

Do we need to do anything specific for cloud config?

spring:
   security:
   user: 
       name: test
       password abc
       roles: USER

@Override
        protected void configure(HttpSecurity http) throws Exception {
                http.csrf().disable().authorizeRequests().antMatchers("/**").hasRole("USER").and().httpBasic();
        }

Comment From: spencergibb

No that is all spring security