From 90e4ef9e11d75584b4d4029f011845501ecf9250 Mon Sep 17 00:00:00 2001 From: songhyeonpk Date: Tue, 23 Dec 2025 17:21:39 +0900 Subject: [PATCH] =?UTF-8?q?chore:=20=EC=9D=B8=ED=94=84=EB=9D=BC=20?= =?UTF-8?q?=ED=99=98=EA=B2=BD=20=EB=B3=80=EA=B2=BD=20=ED=85=8C=EC=8A=A4?= =?UTF-8?q?=ED=8A=B8=20(#172)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: gce 배포 테스트를 위한 수동 워크플로우 추가 * chore: s3 자격증명 설정 변경 * feat: s3 접근 테스트 API 추가 --- .../develop-build-deploy-gce-manual.yml | 123 ++++++++ .github/workflows/develop_build_deploy.yml | 280 +++++++++--------- .../server/gcetest/GceS3TestController.java | 34 +++ .../ftm/server/gcetest/GceS3TestService.java | 69 +++++ .../server/infrastructure/s3/S3Config.java | 53 +++- .../security/SecurityConfig.java | 2 +- src/main/resources/application-storage.yml | 8 +- 7 files changed, 423 insertions(+), 146 deletions(-) create mode 100644 .github/workflows/develop-build-deploy-gce-manual.yml create mode 100644 src/main/java/com/ftm/server/gcetest/GceS3TestController.java create mode 100644 src/main/java/com/ftm/server/gcetest/GceS3TestService.java diff --git a/.github/workflows/develop-build-deploy-gce-manual.yml b/.github/workflows/develop-build-deploy-gce-manual.yml new file mode 100644 index 0000000..0e8423d --- /dev/null +++ b/.github/workflows/develop-build-deploy-gce-manual.yml 
@@ -0,0 +1,123 @@ +name: develop push Build and Deploy (GCE) + +on: + workflow_dispatch: + inputs: + ref: + description: "배포할 브랜치 (수동 테스트 전용)" + required: true + default: "chore/#172" + +env: + DOCKERHUB_USERNAME: fittheman + DOCKERHUB_IMAGE_NAME: fittheman-server + +jobs: + build-deploy: + runs-on: ubuntu-latest + environment: DEV + + steps: + # 체크아웃 + - name: Checkout + uses: actions/checkout@v4 + with: + ref: ${{ inputs.ref }} + + # JDK 17 세팅 + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + + # 테스트 환경에서 필요한 컨테이너 실행 (redis, postgres) + - name: Run Containers + run: docker compose -f ./docker-compose-test.yml up -d + + # 테스트 환경에서 필요한 스키마, 데이터 등록 + - name: Apply Schema and Data + env: + TEST_POSTGRES_CONTAINER_NAME: "${{ github.event.repository.name }}-postgres-1" + TEST_POSTGRES_USER: test + TEST_POSTGRES_DB: ftm_test_db + run: | + echo "⏳ Waiting for postgres to be ready..." + until docker exec -i $TEST_POSTGRES_CONTAINER_NAME pg_isready -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB; do + echo "postgres is not ready yet. Retrying in 3 seconds..." + sleep 3 + done + echo "✅ postgres is ready!" 
+ + echo "${{ secrets.SCHEMA_SQL }}" | docker exec -i $TEST_POSTGRES_CONTAINER_NAME psql -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB + echo "${{ secrets.DATA_SQL }}" | docker exec -i $TEST_POSTGRES_CONTAINER_NAME psql -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB + + # Gradlew 실행 권한 허용 + - name: Grant Execute Permission for Gradlew + run: chmod +x ./gradlew + + # .env 파일 생성 + - name: Load secrets into .env file + run: | + echo "${{ secrets.ENV }}" >> .env + + # Swagger API 문서화 task 실행 + - name: Apply Swagger API Document Task + run: ./gradlew copyOasToSwagger + + # Rest Docs API 문서화 task 실행 + - name: Apply Rest Docs API Document Task + run: ./gradlew copyDocument + + # Gradle 빌드 + - name: Build with Gradle + id: gradle + uses: gradle/gradle-build-action@v2 + with: + arguments: | + bootJar + --scan + cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} + + # Dockerhub 로그인 + - name: Login to Dockerhub + uses: docker/login-action@v3 + with: + username: ${{ env.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} + + # Docker 메타데이터 + - name: Extract Docker metadata + id: metadata + uses: docker/metadata-action@v5.5.0 + env: + DOCKERHUB_IMAGE_FULL_NAME: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }} + with: + images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }} + tags: | + type=sha,prefix= + + # Docker 이미지 빌드, 도커허브 푸시 + - name: Build and Push Docker image + uses: docker/build-push-action@v3 + with: + context: . 
+ push: true + tags: ${{ steps.metadata.outputs.tags }} # 추출된 도커 메타데이터 tags -> "${DOCKERHUB_USERNAME}/${DOCKERHUB_IMAGE_NAME}:{TAG} + + # GCE 배포 + - name: Deploy to GCE Server + uses: appleboy/ssh-action@v1.0.3 + env: + IMAGE_FULL_PATH: ${{ steps.metadata.outputs.tags }} + DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }} + with: + host: ${{ secrets.GCE_HOST }} + username: ${{ secrets.GCE_USER }} + key: ${{ secrets.GCE_SSH_PRIVATE_KEY }} + envs: IMAGE_FULL_PATH, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수 + debug: true + script: | + echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin + docker compose up -d + docker image prune -a -f \ No newline at end of file diff --git a/.github/workflows/develop_build_deploy.yml b/.github/workflows/develop_build_deploy.yml index 00e8c1c..67a7d2a 100644 --- a/.github/workflows/develop_build_deploy.yml +++ b/.github/workflows/develop_build_deploy.yml 
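Review bot: The `Deploy to GCE Server` step sets `debug: true` while the Docker Hub token is expanded directly into the `script:` text through `${{ secrets.DOCKERHUB_ACCESS_TOKEN }}`, so if the action's debug mode echoes the rendered script, log masking is the only thing keeping the token out of the job log. I would drop `debug: true` and pass the token as an environment variable: add `DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}` under `env:`, extend the list to `envs: IMAGE_FULL_PATH, DOCKERHUB_IMAGE_NAME, DOCKERHUB_USERNAME, DOCKERHUB_ACCESS_TOKEN`, and log in with `echo "$DOCKERHUB_ACCESS_TOKEN" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin`. That also removes the mismatch between `secrets.DOCKERHUB_USERNAME` in this script and `env.DOCKERHUB_USERNAME` in the earlier login step. Separately, `.env` is written from `secrets.ENV` before `docker/build-push-action` runs with `context: .`, so it is worth confirming that `.dockerignore` keeps that file out of the pushed image; neither the Dockerfile nor `.dockerignore` is visible here. Since this step handles the SSH private key, pinning `appleboy/ssh-action` to a commit SHA rather than the `v1.0.3` tag would also be prudent.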
@@ -1,140 +1,140 @@ -name: develop push Build and Deploy - -on: - push: - branches: [ "develop" ] - -env: - DOCKERHUB_USERNAME: fittheman - DOCKERHUB_IMAGE_NAME: fittheman-server - -jobs: - build-deploy: - runs-on: ubuntu-latest - environment: DEV - - steps: - # 체크아웃 - - name: Checkout - uses: actions/checkout@v4 - - # JDK 17 세팅 - - name: Set up JDK 17 - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - - # 테스트 환경에서 필요한 컨테이너 실행 (redis, postgres) - - name: Run Containers - run: docker compose -f ./docker-compose-test.yml up -d - - # 테스트 환경에서 필요한 스키마, 데이터 등록 - - name: Apply Schema and Data - env: - TEST_POSTGRES_CONTAINER_NAME: "${{ github.event.repository.name }}-postgres-1" - TEST_POSTGRES_USER: test - TEST_POSTGRES_DB: ftm_test_db - run: | - echo "⏳ Waiting for postgres to be ready..." - until docker exec -i $TEST_POSTGRES_CONTAINER_NAME pg_isready -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB; do - echo "postgres is not ready yet. Retrying in 3 seconds..." - sleep 3 - done - echo "✅ postgres is ready!" 
- - echo "${{ secrets.SCHEMA_SQL }}" | docker exec -i $TEST_POSTGRES_CONTAINER_NAME psql -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB - echo "${{ secrets.DATA_SQL }}" | docker exec -i $TEST_POSTGRES_CONTAINER_NAME psql -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB - - # Gradlew 실행 권한 허용 - - name: Grant Execute Permission for Gradlew - run: chmod +x ./gradlew - - # .env 파일 생성 - - name: Load secrets into .env file - run: | - echo "${{ secrets.ENV }}" >> .env - - # Swagger API 문서화 task 실행 - - name: Apply Swagger API Document Task - run: ./gradlew copyOasToSwagger - - # Rest Docs API 문서화 task 실행 - - name: Apply Rest Docs API Document Task - run: ./gradlew copyDocument - - # Gradle 빌드 - - name: Build with Gradle - id: gradle - uses: gradle/gradle-build-action@v2 - with: - arguments: | - bootJar - --scan - cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} - - # Dockerhub 로그인 - - name: Login to Dockerhub - uses: docker/login-action@v3 - with: - username: ${{ env.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} - - # Docker 메타데이터 - - name: Extract Docker metadata - id: metadata - uses: docker/metadata-action@v5.5.0 - env: - DOCKERHUB_IMAGE_FULL_NAME: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }} - with: - images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }} - tags: | - type=sha,prefix= - - # Docker 이미지 빌드, 도커허브 푸시 - - name: Build and Push Docker image - uses: docker/build-push-action@v3 - with: - context: . 
- push: true - tags: ${{ steps.metadata.outputs.tags }} # 추출된 도커 메타데이터 tags -> "${DOCKERHUB_USERNAME}/${DOCKERHUB_IMAGE_NAME}:{TAG} - - # EC2 서버로 docker-compose.yml 파일 복사 - - name: Copy docker-compose file to EC2 - uses: burnett01/rsync-deployments@7.0.1 - with: - switches: -avzr --delete - path: docker-compose.yml - remote_host: ${{ secrets.EC2_HOST }} - remote_user: ${{ secrets.EC2_USER }} - remote_key: ${{ secrets.SSH_PRIVATE_KEY }} - remote_path: /home/ubuntu/ - - # EC2 서버로 nginx 파일 복사 - # docker-compose.yml 에서 nginx 컨테이너 실행 시 파일을 마운트하기 위함 - - name: Copy default.conf file to EC2 - uses: burnett01/rsync-deployments@7.0.1 - with: - switches: -avzr --delete - path: ./nginx - remote_host: ${{ secrets.EC2_HOST }} - remote_user: ${{ secrets.EC2_USER }} - remote_key: ${{ secrets.SSH_PRIVATE_KEY }} - remote_path: /home/ubuntu - - # EC2 배포 - - name: Deploy to EC2 Server - uses: appleboy/ssh-action@v1.0.3 - env: - IMAGE_FULL_PATH: ${{ steps.metadata.outputs.tags }} - DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }} - with: - host: ${{ secrets.EC2_HOST }} - username: ${{ secrets.EC2_USER }} - key: ${{ secrets.SSH_PRIVATE_KEY }} - envs: IMAGE_FULL_PATH, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수 - debug: true - script: | - echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin - docker compose up -d - docker image prune -a -f \ No newline at end of file +#name: develop push Build and Deploy +# +#on: +# push: +# branches: [ "develop" ] +# +#env: +# DOCKERHUB_USERNAME: fittheman +# DOCKERHUB_IMAGE_NAME: fittheman-server +# +#jobs: +# build-deploy: +# runs-on: ubuntu-latest +# environment: DEV +# +# steps: +# # 체크아웃 +# - name: Checkout +# uses: actions/checkout@v4 +# +# # JDK 17 세팅 +# - name: Set up JDK 17 +# uses: actions/setup-java@v4 +# with: +# java-version: '17' +# distribution: 'temurin' +# +# # 테스트 환경에서 필요한 컨테이너 실행 (redis, postgres) +# - name: Run Containers +# run: docker compose -f 
./docker-compose-test.yml up -d +# +# # 테스트 환경에서 필요한 스키마, 데이터 등록 +# - name: Apply Schema and Data +# env: +# TEST_POSTGRES_CONTAINER_NAME: "${{ github.event.repository.name }}-postgres-1" +# TEST_POSTGRES_USER: test +# TEST_POSTGRES_DB: ftm_test_db +# run: | +# echo "⏳ Waiting for postgres to be ready..." +# until docker exec -i $TEST_POSTGRES_CONTAINER_NAME pg_isready -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB; do +# echo "postgres is not ready yet. Retrying in 3 seconds..." +# sleep 3 +# done +# echo "✅ postgres is ready!" +# +# echo "${{ secrets.SCHEMA_SQL }}" | docker exec -i $TEST_POSTGRES_CONTAINER_NAME psql -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB +# echo "${{ secrets.DATA_SQL }}" | docker exec -i $TEST_POSTGRES_CONTAINER_NAME psql -U $TEST_POSTGRES_USER -d $TEST_POSTGRES_DB +# +# # Gradlew 실행 권한 허용 +# - name: Grant Execute Permission for Gradlew +# run: chmod +x ./gradlew +# +# # .env 파일 생성 +# - name: Load secrets into .env file +# run: | +# echo "${{ secrets.ENV }}" >> .env +# +# # Swagger API 문서화 task 실행 +# - name: Apply Swagger API Document Task +# run: ./gradlew copyOasToSwagger +# +# # Rest Docs API 문서화 task 실행 +# - name: Apply Rest Docs API Document Task +# run: ./gradlew copyDocument +# +# # Gradle 빌드 +# - name: Build with Gradle +# id: gradle +# uses: gradle/gradle-build-action@v2 +# with: +# arguments: | +# bootJar +# --scan +# cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} +# +# # Dockerhub 로그인 +# - name: Login to Dockerhub +# uses: docker/login-action@v3 +# with: +# username: ${{ env.DOCKERHUB_USERNAME }} +# password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} +# +# # Docker 메타데이터 +# - name: Extract Docker metadata +# id: metadata +# uses: docker/metadata-action@v5.5.0 +# env: +# DOCKERHUB_IMAGE_FULL_NAME: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }} +# with: +# images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }} +# tags: | +# type=sha,prefix= +# +# # Docker 이미지 빌드, 도커허브 푸시 +# - name: Build 
and Push Docker image +# uses: docker/build-push-action@v3 +# with: +# context: . +# push: true +# tags: ${{ steps.metadata.outputs.tags }} # 추출된 도커 메타데이터 tags -> "${DOCKERHUB_USERNAME}/${DOCKERHUB_IMAGE_NAME}:{TAG} +# +# # EC2 서버로 docker-compose.yml 파일 복사 +# - name: Copy docker-compose file to EC2 +# uses: burnett01/rsync-deployments@7.0.1 +# with: +# switches: -avzr --delete +# path: docker-compose.yml +# remote_host: ${{ secrets.EC2_HOST }} +# remote_user: ${{ secrets.EC2_USER }} +# remote_key: ${{ secrets.SSH_PRIVATE_KEY }} +# remote_path: /home/ubuntu/ +# +# # EC2 서버로 nginx 파일 복사 +# # docker-compose.yml 에서 nginx 컨테이너 실행 시 파일을 마운트하기 위함 +# - name: Copy default.conf file to EC2 +# uses: burnett01/rsync-deployments@7.0.1 +# with: +# switches: -avzr --delete +# path: ./nginx +# remote_host: ${{ secrets.EC2_HOST }} +# remote_user: ${{ secrets.EC2_USER }} +# remote_key: ${{ secrets.SSH_PRIVATE_KEY }} +# remote_path: /home/ubuntu +# +# # EC2 배포 +# - name: Deploy to EC2 Server +# uses: appleboy/ssh-action@v1.0.3 +# env: +# IMAGE_FULL_PATH: ${{ steps.metadata.outputs.tags }} +# DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }} +# with: +# host: ${{ secrets.EC2_HOST }} +# username: ${{ secrets.EC2_USER }} +# key: ${{ secrets.SSH_PRIVATE_KEY }} +# envs: IMAGE_FULL_PATH, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수 +# debug: true +# script: | +# echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin +# docker compose up -d +# docker image prune -a -f \ No newline at end of file diff --git a/src/main/java/com/ftm/server/gcetest/GceS3TestController.java b/src/main/java/com/ftm/server/gcetest/GceS3TestController.java new file mode 100644 index 0000000..6b4b25f --- /dev/null +++ b/src/main/java/com/ftm/server/gcetest/GceS3TestController.java 
@@ -0,0 +1,34 @@
+package com.ftm.server.gcetest;
+
+import com.ftm.server.common.response.ApiResponse;
+import com.ftm.server.common.response.enums.SuccessResponseCode;
+import java.util.Map;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/api/internal/s3")
+@RequiredArgsConstructor
+public class GceS3TestController {
+
+ private final GceS3TestService gceS3TestService;
+
+ @GetMapping("/ping")
+ public ResponseEntity>> head() {
+ Map result = gceS3TestService.ping();
+ return ResponseEntity.ok(ApiResponse.success(SuccessResponseCode.OK, result));
+ }
+
+ @PostMapping("/put")
+ public ResponseEntity>> put() {
+ Map result = gceS3TestService.put();
+ return ResponseEntity.ok(ApiResponse.success(SuccessResponseCode.OK, result));
+ }
+
+ @PostMapping("/delete")
+ public ResponseEntity>> delete(@RequestParam String key) {
+ Map result = gceS3TestService.delete(key);
+ return ResponseEntity.ok(ApiResponse.success(SuccessResponseCode.OK, result));
+ }
+}
diff --git a/src/main/java/com/ftm/server/gcetest/GceS3TestService.java b/src/main/java/com/ftm/server/gcetest/GceS3TestService.java
new file mode 100644
index 0000000..74c90b1
--- /dev/null
+++ b/src/main/java/com/ftm/server/gcetest/GceS3TestService.java
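Review bot: `GceS3TestController` is registered unconditionally, so the bucket-writing routes `POST /api/internal/s3/put` and `POST /api/internal/s3/delete` exist in every environment this jar is deployed to, not only on the GCE test host. If the class is meant to outlive this test, gate it, for example with `@Profile("<test-profile-name>")` on the class (a placeholder, since the project's profile names are not visible here); otherwise remove it once the GCE check is done. `delete` also forwards the raw `key` request parameter. Since `put()` only ever creates `<uuid>.txt`, rejecting any value whose stem does not parse with `UUID.fromString` would limit the endpoint to objects it created. A short Javadoc marking the class as a temporary connectivity probe would help the next reader, and `head()` serving `GET /ping` would read better as `ping()`.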
@@ -0,0 +1,69 @@ +package com.ftm.server.gcetest; + +import java.time.OffsetDateTime; +import java.util.LinkedHashMap; +import java.util.Map; +import java.util.UUID; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.stereotype.Service; +import software.amazon.awssdk.core.sync.RequestBody; +import software.amazon.awssdk.services.s3.S3Client; +import software.amazon.awssdk.services.s3.model.PutObjectRequest; +import software.amazon.awssdk.services.s3.model.PutObjectResponse; + +@Service +@RequiredArgsConstructor +@Slf4j +public class GceS3TestService { + + private final S3Client s3Client; + + private static final String PREFIX = "healthcheck/"; + + @Value("${aws.s3.bucket-name}") + private String bucket; + + public Map ping() { + try { + s3Client.headObject(builder -> builder.bucket(bucket)); + } catch (Exception ex) { + log.warn("S3 headObject 예외: {}", ex.getMessage(), ex); + } + + return Map.of("ok", true, "bucket", bucket, "checkedAt", OffsetDateTime.now().toString()); + } + + public Map put() { + String objectKey = PREFIX + UUID.randomUUID() + ".txt"; + + PutObjectRequest req = + PutObjectRequest.builder() + .bucket(bucket) + .key(objectKey) + .contentType("text/plain") + .build(); + + PutObjectResponse res = s3Client.putObject(req, RequestBody.empty()); + + Map result = new LinkedHashMap<>(); + result.put("ok", true); + result.put("bucket", bucket); + result.put("key", objectKey); + result.put("etag", res.eTag()); + return result; + } + + public Map delete(String key) { + String objectKey = PREFIX + key; + s3Client.deleteObject(builder -> builder.bucket(bucket).key(objectKey)); + + Map result = new LinkedHashMap<>(); + result.put("ok", true); + result.put("bucket", bucket); + result.put("key", objectKey); + result.put("deleted", true); + return result; + } +} 
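Review bot: `ping()` cannot report a failure: `headObject` is called with a bucket but no key, the `catch (Exception ex)` only logs, and the method then returns `"ok", true` in every case, so a host with broken credentials or a failed role assumption still answers healthy. A bucket-level probe matches the intent, `s3Client.headBucket(b -> b.bucket(bucket));`, with the catch branch returning `"ok", false` or rethrowing so the controller answers with an error status. `put()` and `delete()` by contrast let SDK exceptions propagate, so the three methods disagree on how a failed S3 call surfaces. In the warn log, passing `ex` alone is enough, because the throwable already carries the message.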
diff --git a/src/main/java/com/ftm/server/infrastructure/s3/S3Config.java b/src/main/java/com/ftm/server/infrastructure/s3/S3Config.java index f9f58e1..5ecbdbb 100644 --- a/src/main/java/com/ftm/server/infrastructure/s3/S3Config.java +++ b/src/main/java/com/ftm/server/infrastructure/s3/S3Config.java @@ -3,9 +3,13 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider; +import software.amazon.awssdk.auth.credentials.AwsBasicCredentials; +import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider; import software.amazon.awssdk.regions.Region; import software.amazon.awssdk.services.s3.S3Client; +import software.amazon.awssdk.services.sts.StsClient; +import software.amazon.awssdk.services.sts.auth.StsAssumeRoleCredentialsProvider; +import software.amazon.awssdk.services.sts.model.AssumeRoleRequest; @Configuration public class S3Config { 
@@ -13,13 +17,54 @@ public class S3Config { @Value("${aws.s3.region}") private String region; + @Value("${aws.credentials.access-key}") + private String accessKey; + + @Value("${aws.credentials.secret-key}") + private String secretKey; + + @Value("${aws.sts.role-arn}") + private String roleArn; + + @Value("${aws.sts.role-session-name}") + private String roleSessionName; + + // @Bean + // public S3Client s3Client() { + // return S3Client.builder() + // .region(Region.of(region)) + // .credentialsProvider( + // DefaultCredentialsProvider + // .create()) // EC2에서는 자동 인식 & window&mac 에서는 환경 변수 설정 필요 + // .build(); + // } + @Bean public S3Client s3Client() { + StaticCredentialsProvider baseCredentials = + StaticCredentialsProvider.create(AwsBasicCredentials.create(accessKey, secretKey)); + + StsClient sts = + StsClient.builder() + .region(Region.of(region)) + .credentialsProvider(baseCredentials) + .build(); + + StsAssumeRoleCredentialsProvider assumeRoleProvider = + StsAssumeRoleCredentialsProvider.builder() + .stsClient(sts) + .refreshRequest( + AssumeRoleRequest.builder() + .roleArn(roleArn) + .roleSessionName(roleSessionName) + .build()) + .build(); + + assumeRoleProvider.resolveCredentials(); + return S3Client.builder() .region(Region.of(region)) - .credentialsProvider( - DefaultCredentialsProvider - .create()) // EC2에서는 자동 인식 & window&mac 에서는 환경 변수 설정 필요 + .credentialsProvider(assumeRoleProvider) .build(); } } diff --git a/src/main/java/com/ftm/server/infrastructure/security/SecurityConfig.java b/src/main/java/com/ftm/server/infrastructure/security/SecurityConfig.java index 006dc04..3e79a2e 100644 --- a/src/main/java/com/ftm/server/infrastructure/security/SecurityConfig.java +++ b/src/main/java/com/ftm/server/infrastructure/security/SecurityConfig.java 
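Review bot: The new `s3Client()` copies a long-lived access key and secret into Spring properties (`aws.credentials.access-key` / `secret-key`) and `String` fields just to build `StaticCredentialsProvider`, which widens where the secret lives (the Spring `Environment` and anything that dumps configuration) compared with letting the SDK read it directly. application-storage.yml in this commit fills those properties from `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, which are the variables `DefaultCredentialsProvider` already reads, so the STS client can use `.credentialsProvider(DefaultCredentialsProvider.create())` and the two `@Value` fields can go; the import removed in the previous hunk would then have to stay. The base key should be allowed nothing except `sts:AssumeRole` on `roleArn`. The bare `assumeRoleProvider.resolveCredentials();` deserves a comment such as `// fail fast: force one AssumeRole call at startup so a bad key or role ARN stops the boot`, and the commented-out old bean is better deleted than kept.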
@@ -73,7 +73,7 @@ public class SecurityConfig { "/api/posts/products" }; - private static final String[] ANONYMOUS_MATCHERS = {"/docs/**"}; + private static final String[] ANONYMOUS_MATCHERS = {"/docs/**", "/api/internal/s3/**"}; @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { diff --git a/src/main/resources/application-storage.yml b/src/main/resources/application-storage.yml index 9a037f6..961fe5b 100644 --- a/src/main/resources/application-storage.yml +++ b/src/main/resources/application-storage.yml @@ -14,4 +14,10 @@ aws: path: user: "users" post: "posts" - product: "products" \ No newline at end of file + product: "products" + sts: + role-arn: ${AWS_ROLE_ARN} + role-session-name: ftm-dev-s3 + credentials: + access-key: ${AWS_ACCESS_KEY_ID} + secret-key: ${AWS_SECRET_ACCESS_KEY} \ No newline at end of file
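Review bot: Adding `/api/internal/s3/**` to `ANONYMOUS_MATCHERS` opens the new S3 test routes to callers without a session, assuming the array feeds an unauthenticated rule in `securityFilterChain` (its body is outside this hunk). Two of those routes change state: `POST /put` creates an object on every call and `POST /delete` removes one, both with the server's assumed role, so anyone who can reach the host can grow or prune the `healthcheck/` prefix. I would leave the array as `{"/docs/**"}` and keep the test routes behind the existing authenticated rules, or restrict them by source address at the reverse proxy for the duration of the test. If the entry must stay temporarily, a comment like `// TEMP (#172): remove with GceS3TestController` next to it keeps it from being forgotten.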
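Review bot: `role-session-name: ftm-dev-s3` is a fixed literal in a storage file that does not look profile-specific, so every environment that loads it would assume the role under a session name that says `dev`. The session name is recorded with each assumed-role call in CloudTrail, so a shared literal makes environments harder to tell apart in an audit. `role-session-name: ${AWS_ROLE_SESSION_NAME:ftm-dev-s3}` keeps the current value as the default while letting each deployment label itself. The three new placeholders (`AWS_ROLE_ARN`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) have no default, so any profile that includes this file, local runs and tests included, would fail at startup unless all three are set; that is worth a line in the setup docs.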