I have a Spring Boot application that is running on EC2 as a Docker container and it is accessing S3, Postgres and Kafka (MSK). The app is doing video processing and using GPUs. I am planning to migrate the app to some GPU rental platform because it is cheaper. From what I understand, there I will have a VM where I can run my app.
There are 2 questions in regard to this migration:
1: How should I manage the deployments? Should I log in to ECR from the VM and pull the image and then run the container, or clone the repository on the VM and build & run there? In the first scenario I assume I would have to configure the AWS CLI on that VM to log in to ECR. Would this be safe to do?
2: What would be the best and most secure way of connecting to AWS resources from that platform? On EC2 I use IAM but I think this will not work anymore from that VM. The only idea I have is to configure AWS CLI there and then to have some Environment Variables Credentials Provider that does the login logic (using AWS SDK).
I am pretty new to this kind of work, so any advice is well appreciated, thank you!
Configuring the AWS services via a secret injected into the container is probably your best bet. Run the Docker container locally on the VM and provide the AWS credentials via Docker Secrets. From there you will want to mount the secrets in the user's folder so that Spring Boot can pick them up as valid AWS credentials.
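
A Docker Compose configuration for the approach in the answer above, added here as an example and not part of the original post. The service name, image reference and host path are placeholders, and it assumes the app uses the AWS SDK for Java 2.x default credentials chain; instead of placing the file in the user's `~/.aws` folder, it points the SDK at the mounted secret through `AWS_SHARED_CREDENTIALS_FILE`.

```yaml
# Constructed example: names, paths and the image reference are placeholders.
services:
  video-app:
    image: "<account-id>.dkr.ecr.<region>.amazonaws.com/video-app:<tag>"

    # Weak form, shown for contrast only: keys set as environment variables
    # live in the compose file and are readable through `docker inspect`.
    # environment:
    #   AWS_ACCESS_KEY_ID: "<access-key-id>"
    #   AWS_SECRET_ACCESS_KEY: "<secret-access-key>"

    # Secret-based form: the environment carries only a path, and the key
    # material stays in a file that Compose mounts into the container.
    environment:
      AWS_SHARED_CREDENTIALS_FILE: /run/secrets/aws_credentials
      AWS_REGION: "<region>"
    secrets:
      - aws_credentials   # appears in the container as /run/secrets/aws_credentials

secrets:
  aws_credentials:
    # Host file in the AWS shared-credentials (INI) format with a [default]
    # profile. Keep it out of the repository and the image, and readable
    # only by the account that runs the deployment.
    file: /etc/video-app/aws_credentials   # hypothetical host path
```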