Getting Secrets from AWS Java SDK

Question regarding Java SDK and usage to retrieve information about an AWS service?

Obviously hardcoding secrets and stuff is not good, so what is the best way to do this for, say, retrieving an AWS Cognito resource?

• AWS SSM get parameter store (cognito client id, pool id)
• Secrets Manager?
• Use AWS Cognito API to find a pool programmatically?
Any other ideas?

Hard coding secrets isn’t good, but hard stuff is great. Is there a reason not to hard code the clientId and pool Id in your source code? If these never change, it’s definitely the best case to actually hard code them.

Ok, I decided to use Parameter Store in the end

This will be set by Terraform which some of the DevOps guys can do for me

Is it that you are creating the Cognito pool in the IaC and then need to inject that into your running process, so you need to output it somewhere to pull it back in?

Yea, at least I think that's what will happen

Will soon find out :smile:

I recommend either hard coding it in the source code after it is created or, if you really wanted it automated, using CFN outputs and then writing that to an ENV file you can deploy with your source code. Using Parameter Store during production runtime isn’t a great idea because it doesn’t have a defined SLA, which means it could cause production downtime.