davidrosenstark/SSMClient.java

## SSMClient.java
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient;
import com.amazonaws.services.simplesystemsmanagement.model.*;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;

import javax.annotation.PostConstruct;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

/**
 * Class to wrap getting and setting parameters in AWS Parameter Store
 * Need to provide credentials or IAM role access to AWS Parameter Store
 */

@Component
@Lazy
public class SSMClient {

    @Autowired(required = false)
    //this is not required if you are using IAM Role on instance
    private AWSCredentialsProvider awsCredentialsProvider;

    private AWSSimpleSystemsManagement awsSimpleSystemsManagement;

    @Value("${ssm.region}")
    //We have found that even if profile of Credentials has region still required to provide
    private String region;

    @Autowired(required = false)
    //use this for custom configuration like acess via proxy
    private ClientConfiguration clientConfiguration;

    public SSMClient() {
    }

    //constructor for non spring use to class
    public SSMClient(AWSCredentialsProvider awsCredentialsProvider, String region) {
        this.awsCredentialsProvider = awsCredentialsProvider;
        this.region = region;
    }

    @PostConstruct
    public void init() {
        awsSimpleSystemsManagement = AWSSimpleSystemsManagementClient.builder().withCredentials(awsCredentialsProvider)
                .withClientConfiguration(clientConfiguration)
                .withRegion(region).build();
    }


    /**
     * Get parameter from SSM, with or without encryption (use IAM role for decryption)
     * Throws {@Link com.amazonaws.services.simplesystemsmanagement.model.ParameterNotFoundException} if not found
     * @param key
     * @param encryption
     * @return value
     */
    public String getParameter(String key, boolean encryption) {
        GetParameterRequest getparameterRequest = new GetParameterRequest().withName(key).withWithDecryption(encryption);
        final GetParameterResult result = awsSimpleSystemsManagement.getParameter(getparameterRequest);
        return result.getParameter().getValue();
    }

    /**
     * Get parameter from SSM by path, with or without encryption (use IAM role for decryption)
     * Returns Map of all values, with all path parameters removed, since we assume that the path is for environment
     * @param path
     * @param encryption
     * @return Map of all values in path
     */
    public Map<String, String> getParametersByPath(String path, boolean encryption) {
        GetParametersByPathRequest getParametersByPathRequest = new GetParametersByPathRequest().withPath(path)
                .withWithDecryption(encryption)
                .withRecursive(true);
        String token = null;
        Map<String, String> params = new HashMap<>();
        do {
            getParametersByPathRequest.setNextToken(token);
            GetParametersByPathResult parameterResult = awsSimpleSystemsManagement.getParametersByPath
                    (getParametersByPathRequest);
            token = parameterResult.getNextToken();
            params.putAll(addParamsToMap(parameterResult.getParameters()));
        } while (token != null);
        return params;
    }

    private Map<String,String> addParamsToMap(List<Parameter> parameters) {
        return parameters.stream().map( param -> {
           int envSeparator = param.getName().indexOf("/",1);
           return new ImmutablePair<>(param.getName().substring(envSeparator+1), param.getValue());
        }).collect(Collectors.toMap(Pair::getLeft, Pair::getRight));
    }


}
	import com.amazonaws.ClientConfiguration;
	import com.amazonaws.auth.AWSCredentialsProvider;
	import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagement;
	import com.amazonaws.services.simplesystemsmanagement.AWSSimpleSystemsManagementClient;
	import com.amazonaws.services.simplesystemsmanagement.model.*;
	import org.apache.commons.lang3.tuple.ImmutablePair;
	import org.apache.commons.lang3.tuple.Pair;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.beans.factory.annotation.Value;
	import org.springframework.context.annotation.Lazy;
	import org.springframework.stereotype.Component;

	import javax.annotation.PostConstruct;
	import java.util.HashMap;
	import java.util.List;
	import java.util.Map;
	import java.util.stream.Collectors;

	/**
	* Class to wrap getting and setting parameters in AWS Parameter Store
	* Need to provide credentials or IAM role access to AWS Parameter Store
	*/

	@Component
	@Lazy
	public class SSMClient {

	@Autowired(required = false)
	//this is not required if you are using IAM Role on instance
	private AWSCredentialsProvider awsCredentialsProvider;

	private AWSSimpleSystemsManagement awsSimpleSystemsManagement;

	@Value("${ssm.region}")
	//We have found that even if profile of Credentials has region still required to provide
	private String region;

	@Autowired(required = false)
	//use this for custom configuration like acess via proxy
	private ClientConfiguration clientConfiguration;

	public SSMClient() {
	}

	//constructor for non spring use to class
	public SSMClient(AWSCredentialsProvider awsCredentialsProvider, String region) {
	this.awsCredentialsProvider = awsCredentialsProvider;
	this.region = region;
	}

	@PostConstruct
	public void init() {
	awsSimpleSystemsManagement = AWSSimpleSystemsManagementClient.builder().withCredentials(awsCredentialsProvider)
	.withClientConfiguration(clientConfiguration)
	.withRegion(region).build();
	}



	/**
	* Get parameter from SSM, with or without encryption (use IAM role for decryption)
	* Throws {@Link com.amazonaws.services.simplesystemsmanagement.model.ParameterNotFoundException} if not found
	* @param key
	* @param encryption
	* @return value
	*/
	public String getParameter(String key, boolean encryption) {
	GetParameterRequest getparameterRequest = new GetParameterRequest().withName(key).withWithDecryption(encryption);
	final GetParameterResult result = awsSimpleSystemsManagement.getParameter(getparameterRequest);
	return result.getParameter().getValue();
	}

	/**
	* Get parameter from SSM by path, with or without encryption (use IAM role for decryption)
	* Returns Map of all values, with all path parameters removed, since we assume that the path is for environment
	* @param path
	* @param encryption
	* @return Map of all values in path
	*/
	public Map<String, String> getParametersByPath(String path, boolean encryption) {
	GetParametersByPathRequest getParametersByPathRequest = new GetParametersByPathRequest().withPath(path)
	.withWithDecryption(encryption)
	.withRecursive(true);
	String token = null;
	Map<String, String> params = new HashMap<>();
	do {
	getParametersByPathRequest.setNextToken(token);
	GetParametersByPathResult parameterResult = awsSimpleSystemsManagement.getParametersByPath
	(getParametersByPathRequest);
	token = parameterResult.getNextToken();
	params.putAll(addParamsToMap(parameterResult.getParameters()));
	} while (token != null);
	return params;
	}

	private Map<String,String> addParamsToMap(List<Parameter> parameters) {
	return parameters.stream().map( param -> {
	int envSeparator = param.getName().indexOf("/",1);
	return new ImmutablePair<>(param.getName().substring(envSeparator+1), param.getValue());
	}).collect(Collectors.toMap(Pair::getLeft, Pair::getRight));
	}


	}