I have a Spring boot app which connects to PostgreSQL on AWS. I want to store database configuration like DB URL,Username and password on the AWS parameter store as secureStrings.

I want to access these parameters from AWS Parameter store in Environment variables like we set:

SERVER_PORT = 5000 
SPRING_DATASOURCE_PASSWORD = /dev/databases/postgresql/awsdbinstance/password 

where /dev/databases/postgresql/awsdbinstance/password is the name of the AWS parameter store.

I have also added an IAM policy to EC2 instances for SSMReadOnly access but still the values are not accessible. What am I doing wrong and how can i achieve this?

Also, what is the standard way to achieve this?

I didn't want to add a property in YAML file which tries to retrieve value from AWS parameter store rather i assumed its better if the property is injected via Elastic Beanstalk environment variables itself.

I am also having the same problem. I do not have yet a working solution but I put together some ideas that might help other people to solve it:

1. There are packages to inject SSM parameters in your env (For example https://www.npmjs.com/package/@mschnee/ssm-env?activeTab=readme) You could even create a script for doing it yourself.

2. You can call this script in an ebextension, so each time the env is rebuilt the env variables will be set in your env.

I am a bit lost in the second point, but, It should be something like this

container_commands:
  0100_inject_env_variables:
    command: /scripts/inject_env_variables.sh

And the inject_env_variables.sh file:

ssm-env EXPORT "/variables-path1/" "/variables-path2/" -- node path/to/app.js > .env

As I told you before, I do not have the correct answer yet, but I think this is the way. Let's see if a more experienced developer corrects me.