Yum package manager plugin for private S3 repositories. Uses Amazon IAM & EC2 Roles.
This is a yum plugin that allows private AWS S3 buckets to be used as
package repositories. The plugin uses AWS Identity and Access Management
(IAM) roles for authorization, removing any requirement for an access or
secret key pair to be defined anywhere in your repository configuration.
IAM roles are used to control access to AWS services and resources.
For further details, take a look at the AWS-provided documentation.
Why it's useful: when you assign an IAM role to an EC2 instance,
credentials are automatically provided to the instance by AWS.
This removes the need to store, change and/or rotate them, while also
providing fine-grained control over what actions can be performed when
using the credentials.
This particular plugin makes use of the IAM credentials when accessing
S3 buckets backing a yum repository.
There is a great blog post by Jeremy Carroll which explains in depth how to
use this plugin:
S3 Yum Repos With IAM Authorization (via Wayback Machine).
There are 2 types of S3 URLs:
- virtual-hosted-style URL
  - https://<bucket>.s3.amazonaws.com/<path> if region is US East (us-east-1)
  - https://<bucket>.s3-<aws-region>.amazonaws.com/<path> in other regions
- path-style URL
  - https://s3.amazonaws.com/<bucket>/<path> if region is US East (us-east-1)
  - https://s3-<aws-region>.amazonaws.com/<bucket>/<path> in other regions

When using HTTP/S and a bucket name containing a dot (.) you need to
use the path-style URL syntax.
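
An added example (not the plugin's own code) that classifies a repository URL into the four forms listed above and rejects a dotted bucket name in virtual-hosted style, which can serve as a pre-flight check on a repo file's baseurl. The function name `parse_s3_baseurl`, the style labels `virtual-hosted` and `path` (AWS's names for the two types) and the sample bucket names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Host patterns for the four URL forms listed above; nothing else is accepted.
_PATH_HOST = re.compile(r"^s3(?:-(?P<region>[a-z0-9-]+))?\.amazonaws\.com$")
_VHOST = re.compile(
    r"^(?P<bucket>.+)\.s3(?:-(?P<region>[a-z0-9-]+))?\.amazonaws\.com$")


def parse_s3_baseurl(url):
    """Return (style, bucket, region, path) for an S3 repository URL.

    Raises ValueError if the URL is not one of the four listed forms, or if
    a bucket name containing a dot is used in virtual-hosted style.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("expected an http(s) URL: %r" % url)
    host = (parts.hostname or "").lower()

    m = _PATH_HOST.match(host)
    if m:
        # Path-style: the bucket is the first path segment.
        bucket, _, rest = parts.path.lstrip("/").partition("/")
        if not bucket:
            raise ValueError("path-style URL has no bucket: %r" % url)
        return ("path", bucket, m.group("region") or "us-east-1", "/" + rest)

    m = _VHOST.match(host)
    if m:
        # Virtual-hosted style: the bucket is the leading host label(s).
        bucket = m.group("bucket")
        if "." in bucket:
            raise ValueError("bucket %r contains a dot; use the path-style URL" % bucket)
        return ("virtual-hosted", bucket,
                m.group("region") or "us-east-1", parts.path or "/")

    raise ValueError("not a recognised S3 URL: %r" % url)


if __name__ == "__main__":
    # Constructed sample URLs; bucket names and paths are hypothetical.
    for u in ("https://my-repo.s3.amazonaws.com/el7/x86_64",
              "https://s3-eu-west-1.amazonaws.com/my.repo/el7/x86_64",
              "https://my.repo.s3.amazonaws.com/el7/x86_64"):
        try:
            print(u, "->", parse_s3_baseurl(u))
        except ValueError as exc:
            print(u, "-> rejected:", exc)
```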
Some use-cases (Continuous Integration, Docker) involve S3-hosted yum
repositories being accessed from outside EC2. For those cases two
options are available:
Currently the plugin does not support:
Use make test to run some simple tests.
docker-compose -f docker-compose.tests.yml run yum-s3-iam test
docker-compose -f docker-compose.tests.yml down --volumes --rmi all
Apache 2.0 license. See LICENSE.