AWS Secrets Manager
Integrate AWS Secrets Manager with your Gatling scripts to securely retrieve and manage secret values after the initialization stage of your load generators.
Use Case
Integrating AWS Secrets Manager with Gatling allows secure access and retrieval of secret values directly within your Gatling scripts. This process is performed only once during the spawning of load generators in the initialization block, ensuring your secrets are handled securely before launching your simulation test.
Prerequisites
- Utilizing Gatling Enterprise’s Private Locations feature. For more information, visit: Gatling Cloud Installation Guide
- Using Gatling SDK with Java 1.x or 2.x.
Configuration
To enable secure access to AWS Secrets Manager, assign an IAM instance profile to your load generators. This profile should grant access permissions for retrieving and describing secrets as detailed below. For more information, visit: Gatling AWS Locations Configuration.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "arn:aws:secretsmanager:{region}:{account-id}:secret:{secret-name}"
    }
  ]
}
Batch Retrieval Permissions
Batch retrieval requires the secretsmanager:GetSecretValue permission for each secret. Additionally, the secretsmanager:BatchGetSecretValue permission is required.
Pass Role Policy
The following policy is required to pass the created role as an iam-instance-profile to the AWS private location.
Setting the IAM instance profile on an AWS private location assigns that role to all load generator instances spawned for that private location.
GatlingIAMPolicy allows the Control Plane to pass an IAM instance profile role to a load generator deployed on EC2.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:PassRole"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:iam::{Account}:role/{RoleNameWithPath}"
      ]
    }
  ]
}
Installation
Install the AWS SDK into your Java project using either Maven or Gradle:
Suggested Implementation
Utilize the AWS SDK for Java 2.x to implement the Get a Secret Value sample from the AWS Secrets Manager examples. For more detailed examples, visit the AWS SDK for Java Code Examples.
import io.gatling.javaapi.core.*;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueResponse;

public class AWSSecretsManagerSampleJava extends Simulation {
  // Instance initializer: runs once on each load generator, before the simulation starts.
  {
    String secretName = "my-secret-name";
    Region region = Region.of("{region-name}");
    // No credentials in code: the SDK's default provider chain picks up the IAM instance profile.
    SecretsManagerClient client = SecretsManagerClient.builder().region(region).build();
    GetSecretValueRequest getSecretValueRequest =
        GetSecretValueRequest.builder().secretId(secretName).build();
    GetSecretValueResponse getSecretValueResponse;
    try {
      getSecretValueResponse = client.getSecretValue(getSecretValueRequest);
    } catch (Exception e) {
      // Fail fast: abort the run if the secret cannot be retrieved.
      throw new RuntimeException(e);
    } finally {
      // Release the client's HTTP resources once the secret has been fetched.
      client.close();
    }
    // Plaintext secret value; keep it in memory only.
    String secret = getSecretValueResponse.secretString();
  }
}
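The batch retrieval described under Batch Retrieval Permissions, as an added example that is not part of the Gatling documentation: it fetches several secrets in one call and aborts initialization if any of them is missing. The class name and the secret names are hypothetical, and the scenario and setUp(...) are omitted as in the sample above.

```java
import io.gatling.javaapi.core.*;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
import software.amazon.awssdk.services.secretsmanager.model.APIErrorType;
import software.amazon.awssdk.services.secretsmanager.model.BatchGetSecretValueRequest;
import software.amazon.awssdk.services.secretsmanager.model.BatchGetSecretValueResponse;
import software.amazon.awssdk.services.secretsmanager.model.SecretValueEntry;

public class AWSSecretsManagerBatchSampleJava extends Simulation {
  // Hypothetical secret names; each one needs its own secretsmanager:GetSecretValue grant.
  private static final List<String> SECRET_NAMES = List.of("my-api-key", "my-db-password");

  // Secret name -> plaintext value, held in memory for the simulation only.
  private final Map<String, String> secrets = new HashMap<>();

  {
    Region region = Region.of("{region-name}");
    try (SecretsManagerClient client = SecretsManagerClient.builder().region(region).build()) {
      BatchGetSecretValueResponse response = client.batchGetSecretValue(
          BatchGetSecretValueRequest.builder().secretIdList(SECRET_NAMES).build());

      // Failures for individual secrets are reported in errors() rather than thrown,
      // so a partially successful call has to be checked explicitly.
      if (!response.errors().isEmpty()) {
        StringBuilder failed = new StringBuilder();
        for (APIErrorType error : response.errors()) {
          // Report only the secret id and error code, never a secret value.
          failed.append(error.secretId()).append(" (").append(error.errorCode()).append(") ");
        }
        throw new IllegalStateException("Secrets not retrieved: " + failed.toString().trim());
      }
      for (SecretValueEntry entry : response.secretValues()) {
        secrets.put(entry.name(), entry.secretString());
      }
    }
    // Stop before any load is generated if a requested secret is still absent.
    if (!secrets.keySet().containsAll(SECRET_NAMES)) {
      throw new IllegalStateException("Batch response did not contain every requested secret");
    }
  }
}
```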