Describe the bug
When using Spring Cloud AWS Secrets Manager (version 3.1.1) alongside the AWS STS SDK (version 2.29.34) in a Spring Boot application, the application fails to start in local profiles where spring.cloud.aws.secretsmanager.enabled=false is explicitly set.
The expectation is that disabling Secrets Manager in the local profile should avoid any dependency on region configuration, especially when no AWS-specific features are intended to be used in this profile. However, the application requires spring.cloud.aws.region.static to be explicitly configured to bypass this issue, even though Secrets Manager is disabled.
Error Log:
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [software.amazon.awssdk.auth.credentials.AwsCredentialsProvider]: Factory method 'credentialsProvider' threw exception with message: Unable to load region from any of the providers in the chain software.amazon.awssdk.regions.providers.DefaultAwsRegionProviderChain@6c37bd27: [software.amazon.awssdk.regions.providers.SystemSettingsRegionProvider@2b9b7f1f: Unable to load region from system settings. Region must be specified either via environment variable (AWS_REGION) or system property (aws.region)., software.amazon.awssdk.regions.providers.AwsProfileRegionProvider@60723d6a: No region provided in profile: default, software.amazon.awssdk.regions.providers.InstanceProfileRegionProvider@7a24eb3: Unable to contact EC2 metadata service.]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.lambda$instantiate$0(SimpleInstantiationStrategy.java:199) ~[spring-beans-6.2.1.jar:6.2.1]
Expected Behavior
When spring.cloud.aws.secretsmanager.enabled=false is set for a given profile, the application should not require spring.cloud.aws.region.static to be specified in that profile. The expectation is that disabling Secrets Manager functionality should also disable any region-related configuration requirements.
Steps to Reproduce
Create a new Spring Boot application with Maven, including the following dependencies:
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>io.awspring.cloud</groupId>
        <artifactId>spring-cloud-aws-starter-secrets-manager</artifactId>
        <version>3.1.1</version>
    </dependency>
    <dependency>
        <groupId>software.amazon.awssdk</groupId>
        <artifactId>sts</artifactId>
        <version>2.29.34</version>
    </dependency>
</dependencies>
Add the following property files:
application.properties:
spring.application.name=aws-sts
application-local.properties:
spring.cloud.aws.secretsmanager.enabled=false
Start the application with the command: ./mvnw spring-boot:run -Dspring.profiles.active=local
Observe the error.
Workaround:
Adding spring.cloud.aws.region.static=<region> (e.g., eu-west-1) to the application-local.properties file resolves the issue, but this contradicts the intention of disabling AWS-specific features in local profiles.
Reference: https://github.com/spring-cloud/spring-cloud-config/issues/1877#issuecomment-953558794