Merge remote-tracking branch 'origin/2.3.x' into gh-655-polish2

Author: maciejwalkowiak

.github/workflows/build.yml

@@ -13,7 +13,7 @@ jobs:
     name: "Test with ${{ matrix.version }}"
     strategy:
       matrix:
-        version: [ 8.0.272.hs-adpt ]
+        version: [ 8.0.275.hs-adpt ]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2

.github/workflows/release.yml

@@ -12,7 +12,7 @@ jobs:
     name: "Release"
     strategy:
       matrix:
-        version: [ 8.0.272.hs-adpt ]
+        version: [ 8.0.275.hs-adpt ]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2

.github/workflows/upload-docs.yml

@@ -23,7 +23,7 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Build docs
-        run: ./mvnw -pl docs clean package -Pdocs
+        run: ./mvnw clean package -Pdocs,spring -DskipTests=true
       - name: Upload to S3
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.S3_AWS_ACCESS_KEY }}

docs/pom.xml

@@ -32,7 +32,7 @@
 		<docs.main>spring-cloud-aws</docs.main>
 		<main.basedir>${basedir}/..</main.basedir>
 		<docs.whitelisted.branches>2.1.x,2.2.x,2.3.x</docs.whitelisted.branches>
-		<configprops.inclusionPattern>cloud.aws.*|aws.*</configprops.inclusionPattern>
+		<configprops.inclusionPattern>cloud.aws.*|aws.*|spring.cloud.aws.*</configprops.inclusionPattern>
 		<upload-docs-zip.phase>deploy</upload-docs-zip.phase>
 		<generated-docs-multipage-output.dir>${project.build.directory}/generated-docs/${project.version}/reference/html</generated-docs-multipage-output.dir>
 		<generated-docs-singlepage-output.dir>${project.build.directory}/generated-docs/${project.version}/reference/htmlsingle</generated-docs-singlepage-output.dir>

docs/src/main/asciidoc/_configprops.adoc

@@ -27,6 +27,7 @@
 |cloud.aws.elasticache.default-expiration | `0` | Configures the default expiration time in seconds if there is no custom expiration time configuration with a {@link Cluster} configuration for the cache. The expiration time is implementation specific (e.g. Redis or Memcached) and could therefore differ in the behaviour based on the cache implementation.
 |cloud.aws.elasticache.enabled | `true` | Enables ElastiCache integration.
 |cloud.aws.elasticache.expiry-time-per-cache |  | 
+|cloud.aws.instance.data.enabled | `false` | Enables Instance Data integration.
 |cloud.aws.loader.core-pool-size | `1` | The core pool size of the Task Executor used for parallel S3 interaction. @see org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor#setCorePoolSize(int)
 |cloud.aws.loader.max-pool-size |  | The maximum pool size of the Task Executor used for parallel S3 interaction. @see org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor#setMaxPoolSize(int)
 |cloud.aws.loader.queue-capacity |  | The maximum queue capacity for backed up S3 requests. @see org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor#setQueueCapacity(int)
@@ -56,5 +57,12 @@
 |cloud.aws.stack.auto | `true` | Enables the automatic stack name detection for the application.
 |cloud.aws.stack.enabled | `true` | Enables Stack integration.
 |cloud.aws.stack.name |  | The name of the manually configured stack name that will be used to retrieve the resources.
+|spring.cloud.aws.security.cognito.algorithm | `RS256` | Encryption algorithm used to sign the JWK token.
+|spring.cloud.aws.security.cognito.app-client-id |  | Non-dynamic audience string to validate.
+|spring.cloud.aws.security.cognito.enabled | `true` | Enables Cognito integration.
+|spring.cloud.aws.security.cognito.region |  | 
+|spring.cloud.aws.security.cognito.user-pool-id |  | 
+|spring.cloud.aws.ses.enabled | `true` | Enables Simple Email Service integration.
+|spring.cloud.aws.ses.region |  | Overrides the default region.
 
 |===

docs/src/main/asciidoc/cloudformation.adoc

@@ -15,6 +15,18 @@ template file and creates all resources with their _physical name_. The applicat
 with the _logical name_ defined in the template. Spring Cloud AWS resolves all _logical names_ into the respective
 _physical name_ for the application developer.
 
+=== Dependencies
+
+To enable CloudFormation support in Spring Cloud AWS you must add following dependency that will trigger `ContextStackAutoConfiguration`:
+
+[source,xml,indent=0]
+----
+<dependency>
+    <groupId>com.amazonaws</groupId>
+    <artifactId>aws-java-sdk-cloudformation</artifactId>
+</dependency>
+----
+
 === Automatic CloudFormation configuration
 If the application runs inside a stack (because the underlying EC2 instance has been bootstrapped within the stack), then
 Spring Cloud AWS will automatically detect the stack and resolve all resources from the stack. Application developers

docs/src/main/asciidoc/s3.adoc

@@ -6,7 +6,11 @@ to load and write resources with the resource loader and the `s3` protocol.
 The resource loader is part of the context module, therefore no additional dependencies are necessary to use the resource
 handling support.
 
-=== Configuring the resource loader
+=== Configuring the resource loader with Spring Boot
+
+Resource loader is enabled by default when `spring-cloud-starter-aws` is added as the dependency.
+
+=== Configuring the resource loader with XML
 Spring Cloud AWS does not modify the default resource loader unless it encounters an explicit configuration with an XML namespace element.
 The configuration consists of one element for the whole application context that is shown below:
 
@@ -106,13 +110,15 @@ This example shows the use of the `transferManager` within an application to upl
 
 [source,java,indent=0]
 ----
-public class SimpleResourceLoadingBean {
+public class SimpleResourceUploadingBean {
 
 	@Autowired
 	private AmazonS3 amazonS3;
 
 	public void withTransferManager() {
-		TransferManager transferManager = new TransferManager(this.amazonS3);
+		TransferManager transferManager = TransferManagerBuilder.standard()
+		                                                        .withS3Client(this.amazonS3)
+		                                                        .build();
 		transferManager.upload("myBucket","filename",new File("someFile"));
 	}
 }
@@ -192,3 +198,45 @@ public class SimpleResourceLoadingBean {
 	}
 }
 ----
+
+=== IAM Permissions
+red
+Following IAM permissions are required by Spring Cloud AWS:
+
+[cols="2"]
+|===
+| Downloading files
+| `s3:GetObject`
+
+| Searching files
+| `s3:ListObjects`
+
+| Uploading files
+| `s3:PutObject`
+|===
+
+Sample IAM policy granting access to `spring-cloud-aws-demo` bucket:
+
+[source,json,indent=0]
+----
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": "s3:ListBucket",
+            "Resource": "arn:aws:s3:::spring-cloud-aws-demo"
+        },
+        {
+            "Effect": "Allow",
+            "Action": "s3:GetObject",
+            "Resource": "arn:aws:s3:::spring-cloud-aws-demo/*"
+        },
+        {
+            "Effect": "Allow",
+            "Action": "s3:PutObject",
+            "Resource": "arn:aws:s3:::spring-cloud-aws-demo/*"
+        }
+    ]
+}
+----

docs/src/main/asciidoc/ses.adoc

@@ -142,10 +142,57 @@ an SES service where the client is overridden to use a valid region (EU-WEST-1).
 </beans>
 ----
 
+Since 2.3, if using spring-boot, the existing auto-configuration offers a specific configuration property to set the
+region for the SES client.
+
+[source,properties,indent=0]
+----
+cloud.aws.mail.region=eu-west-1
+----
+
+Also, there is a new starter `spring-cloud-starter-aws-ses` and it offers a specific configuration property.
+
+[source,properties,indent=0]
+----
+spring.cloud.aws.ses.region=eu-west-1
+----
+
 === Authenticating e-mails
 To avoid any spam attacks on the Amazon SES mail service, applications without production access must
 https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html[verify] each
 e-mail receiver otherwise the mail sender will throw a `com.amazonaws.services.simpleemail.model.MessageRejectedException`.
 
 https://docs.aws.amazon.com/ses/latest/DeveloperGuide/request-production-access.html[Production access] can be requested
 and will disable the need for mail address verification.
+
+=== IAM Permissions
+Following IAM permissions are required by Spring Cloud AWS:
+
+[cols="2"]
+|===
+| Send e-mail without attachment
+| `ses:SendEmail`
+
+| Send e-mail with attachment
+| `ses:SendRawEmail`
+
+|===
+
+Sample IAM policy granting access to SES:
+
+[source,json,indent=0]
+----
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "ses:SendEmail",
+                "ses:SendRawEmail"
+            ],
+            "Resource": "arn:aws:ses:your:arn"
+        }
+    ]
+}
+----

docs/src/main/asciidoc/spring-cloud-aws.adoc

@@ -425,8 +425,8 @@ The next example shows a typical Spring `@Configuration` class that enables the
 ----
 
 ==== Enabling instance metadata support in Spring Boot
-The instance metadata is automatically available in a Spring Boot application as a property source if the application
-is running on an EC2 instance.
+The instance metadata is available in a Spring Boot application as a property source if the application
+is running on an EC2 instance and `cloud.aws.instance.data.enabled` property is set to `true`.
 
 ==== Using instance metadata
 Instance metadata can be used in XML, Java placeholders and expressions. The example below demonstrates the usage of

docs/src/main/asciidoc/sqs.adoc

@@ -268,3 +268,41 @@ public void receive(S3EventNotification s3EventNotificationRecord) {
 	S3EventNotification.S3Entity s3Entity = s3EventNotificationRecord.getRecords().get(0).getS3();
 }
 ----
+
+=== IAM Permissions
+Following IAM permissions are required by Spring Cloud AWS:
+
+[cols="2"]
+|===
+| Send message to Queue
+| `sqs:SendMessage`
+
+| Receive message from queue
+| `sqs:ReceiveMessage`
+
+| Delete message from queue
+| `sqs:DeleteMessage`
+
+| To use sqsListener with SimpleMessageListenerContainerFactory you will need to add as well
+| `sqs:GetQueueAttributes`
+
+|===
+
+Sample IAM policy granting access to SQS:
+
+[source,json,indent=0]
+----
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "sqs:DeleteMessage",
+                "sqs:ReceiveMessage",
+                "sqs:SendMessage",
+                "sqs:GetQueueAttributes"
+            ],
+            "Resource": "yourARN"
+        }
+----

pom.xml

@@ -61,11 +61,13 @@
 		<module>spring-cloud-aws-autoconfigure</module>
 		<module>spring-cloud-aws-parameter-store-config</module>
 		<module>spring-cloud-aws-secrets-manager-config</module>
+		<module>spring-cloud-aws-ses</module>
 		<module>spring-cloud-starter-aws</module>
 		<module>spring-cloud-starter-aws-jdbc</module>
 		<module>spring-cloud-starter-aws-messaging</module>
 		<module>spring-cloud-starter-aws-parameter-store-config</module>
 		<module>spring-cloud-starter-aws-secrets-manager-config</module>
+		<module>spring-cloud-starter-aws-ses</module>
 		<module>spring-cloud-aws-integration-test</module>
 		<module>docs</module>
 		<module>samples</module>

spring-cloud-aws-autoconfigure/pom.xml

@@ -48,6 +48,11 @@
 			<artifactId>spring-cloud-aws-parameter-store-config</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.cloud</groupId>
+			<artifactId>spring-cloud-aws-ses</artifactId>
+			<optional>true</optional>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-autoconfigure</artifactId>
@@ -57,6 +62,25 @@
 			<artifactId>spring-boot-actuator-autoconfigure</artifactId>
 			<optional>true</optional>
 		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<optional>true</optional>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-jose</artifactId>
+			<optional>true</optional>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-resource-server</artifactId>
+			<optional>true</optional>
+		</dependency>
+
 		<dependency>
 			<groupId>io.micrometer</groupId>
 			<artifactId>micrometer-registry-cloudwatch</artifactId>
@@ -87,6 +111,11 @@
 			<artifactId>aws-java-sdk-ses</artifactId>
 			<optional>true</optional>
 		</dependency>
+		<dependency>
+			<groupId>com.amazonaws</groupId>
+			<artifactId>aws-java-sdk-cloudformation</artifactId>
+			<optional>true</optional>
+		</dependency>
 		<dependency>
 			<groupId>com.amazonaws</groupId>
 			<artifactId>aws-java-sdk-cloudwatch</artifactId>

spring-cloud-aws-autoconfigure/src/main/java/org/springframework/cloud/aws/autoconfigure/condition/ConditionalOnAwsCloudEnvironment.java

@@ -29,6 +29,9 @@
  * started inside an AWS cloud environment. Useful for beans that should only be created
  * if the application context is bootstrapped inside the AWS environment.
  *
+ * Note: if application does not run in AWS environment, evaluating this condition can
+ * take several seconds.
+ *
  * @author Agim Emruli
  * @author Eddú Meléndez
  */

spring-cloud-aws-autoconfigure/src/main/java/org/springframework/cloud/aws/autoconfigure/context/ContextInstanceDataAutoConfiguration.java

@@ -17,6 +17,7 @@
 package org.springframework.cloud.aws.autoconfigure.context;
 
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.cloud.aws.autoconfigure.condition.ConditionalOnAwsCloudEnvironment;
 import org.springframework.context.EnvironmentAware;
 import org.springframework.context.annotation.Configuration;
@@ -28,9 +29,13 @@
 import static org.springframework.cloud.aws.context.config.support.ContextConfigurationUtils.registerInstanceDataPropertySource;
 
 /**
+ * Enables passing EC2 instance metadata into Spring
+ * {@link org.springframework.context.annotation.PropertySource}.
+ *
  * @author Agim Emruli
  */
 @Configuration(proxyBeanMethods = false)
+@ConditionalOnProperty(name = "cloud.aws.instance.data.enabled", havingValue = "true")
 @ConditionalOnAwsCloudEnvironment
 @Import(ContextInstanceDataAutoConfiguration.Registrar.class)
 public class ContextInstanceDataAutoConfiguration {

spring-cloud-aws-autoconfigure/src/main/java/org/springframework/cloud/aws/autoconfigure/jdbc/AmazonRdsDatabaseProperties.java

@@ -82,7 +82,7 @@ public static class RdsInstance {
 		private boolean readReplicaSupport = false;
 
 		public boolean hasRequiredPropertiesSet() {
-			return !StringUtils.isEmpty(this.getDbInstanceIdentifier()) && !StringUtils.isEmpty(this.getPassword());
+			return StringUtils.hasLength(this.getDbInstanceIdentifier()) && StringUtils.hasLength(this.getPassword());
 		}
 
 		public String getDbInstanceIdentifier() {