  • Language
    Python
  • License
    Apache License 2.0
  • Created about 12 years ago
  • Updated 7 months ago


Repository Details

Yum package manager plugin for private S3 repositories. Uses Amazon IAM & EC2 Roles.

yum-s3-iam

This is a yum plugin that allows for private AWS S3 buckets to be used as package repositories. The plugin utilizes AWS Identity and Access Management (IAM) roles for authorization, removing any requirement for an access or secret key pair to be defined anywhere in your repository configuration.

What is an IAM Role?

IAM Roles are used to control access to AWS services and resources.

For further details, see the AWS-provided documentation.

Why it's useful: when you assign an IAM role to an EC2 instance, credentials are automatically provided to the instance by AWS. This removes the need to store, change or rotate them, while also providing fine-grained control over what actions can be performed when using the credentials.

This particular plug-in makes use of the IAM credentials when accessing S3 buckets backing a yum repository.

How to set it up?

There is a great blog post by Jeremy Carroll which explains in depth how to use this plugin: S3 Yum Repos With IAM Authorization (via Wayback Machine).

Notes on S3 buckets and URLs

There are 2 types of S3 URLs:

  • virtual-hosted-style URLs:
    • https://<bucket>.s3.amazonaws.com/<path> if region is US East (us-east-1)
    • https://<bucket>.s3-<aws-region>.amazonaws.com/<path> in other regions
  • path-style URLs:
    • https://s3.amazonaws.com/<bucket>/<path> if region is US East (us-east-1)
    • https://s3-<aws-region>.amazonaws.com/<bucket>/<path> in other regions

When using HTTP/S and a bucket name containing a dot (.) you need to use the path-style URL syntax.
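
The URL rules above as a small checker for a repository baseurl. This is an added example, not code from the yum-s3-iam plugin; the function names and the bucket names in the demo are constructed, and it only recognises the four URL forms listed above.

```python
import re
from urllib.parse import urlsplit

# Endpoint host forms from the list above; no region in the host means us-east-1.
_REGION = r"(?:-(?P<region>[a-z0-9-]+))?"
_PATH_HOST = re.compile(r"^s3" + _REGION + r"\.amazonaws\.com$")
_VHOST = re.compile(r"^(?P<bucket>.+)\.s3" + _REGION + r"\.amazonaws\.com$")


def parse_s3_url(url):
    """Return (bucket, region, path, style) or raise ValueError for non-S3 hosts."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an HTTP/S URL: %r" % url)
    host, path = parts.hostname.lower(), parts.path.lstrip("/")
    m = _PATH_HOST.match(host)
    if m:  # path-style: the bucket is the first path segment
        bucket, _, path = path.partition("/")
        if not bucket:
            raise ValueError("path-style URL without a bucket: %r" % url)
        return bucket, m.group("region") or "us-east-1", path, "path"
    m = _VHOST.match(host)
    if m:  # virtual-hosted-style: the bucket is the host prefix
        return m.group("bucket"), m.group("region") or "us-east-1", path, "virtual-hosted"
    # Anchored patterns reject look-alikes such as s3.amazonaws.com.example.net
    raise ValueError("not an S3 endpoint: %r" % url)


def needs_path_style(url):
    """True when a virtual-hosted URL names a dotted bucket and must be rewritten."""
    bucket, _, _, style = parse_s3_url(url)
    return style == "virtual-hosted" and "." in bucket


def build_s3_url(bucket, region, path, scheme="https"):
    """Build a baseurl, using path-style whenever the bucket name contains a dot."""
    endpoint = "s3.amazonaws.com" if region == "us-east-1" else "s3-%s.amazonaws.com" % region
    if "." in bucket:
        return "%s://%s/%s/%s" % (scheme, endpoint, bucket, path)
    return "%s://%s.%s/%s" % (scheme, bucket, endpoint, path)


if __name__ == "__main__":
    # Constructed sample baseurls
    for u in ("https://example-repo.s3.amazonaws.com/el7/x86_64",
              "https://repo.example.com.s3-eu-west-1.amazonaws.com/el7"):
        print(u, parse_s3_url(u), "rewrite needed:", needs_path_style(u))
```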

Use outside of EC2

Some use-cases (Continuous Integration, Docker) involve S3-hosted yum repositories being accessed from outside EC2. For those cases two options are available:

  • Use AWS API keys in the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY (and optionally AWS_SESSION_TOKEN) environment variables. Those will be used as a fallback if IAM role credentials cannot be accessed.
  • Setting the environment variable DISABLE_YUM_S3_IAM to 1 disables the use of the yum-s3-iam plugin. This should be used with S3 bucket IP white-listing.

Limitations

Currently the plugin does not support:

  • Proxy server configuration
  • Multi-valued baseurl or mirrorlist

Testing

Use make test to run some simple tests.

Testing with docker compose:

docker-compose -f docker-compose.tests.yml run yum-s3-iam test
docker-compose -f docker-compose.tests.yml down --volumes --rmi all

License

Apache 2.0 license. See LICENSE.

Maintainers

  • Mathias Brossard
  • Mischa Spiegelmock
  • Sean Edge
