Difference between revisions of "Git to AWS S3 System"

From Lingoport Wiki
Jump to: navigation, search
(Storing the AWS Credentials)
(Test)
Line 58: Line 58:
 
echo "Testing view access:"
 
echo "Testing view access:"
 
aws s3 ls s3://<your bucket>/<optional path>
 
aws s3 ls s3://<your bucket>/<optional path>
touch test.txt
 
   
 
echo "Testing write access:"
 
echo "Testing write access:"
  +
echo "Write me." > test.txt
 
aws s3 cp test.txt s3://<your bucket>/<optional path>/text.txt # --SSE AES256 # <--- uncomment that if encryption is required and your org uses the default AES256
 
aws s3 cp test.txt s3://<your bucket>/<optional path>/text.txt # --SSE AES256 # <--- uncomment that if encryption is required and your org uses the default AES256
 
encryption. Or replace with other settings as needed.
 
encryption. Or replace with other settings as needed.

Revision as of 16:45, 6 December 2021

Install AWS Client V2

On the Unix box, install AWS Client (Version 2). To do so, follow this link

Or quickreference on Linux is:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

AWS User

The system authenticates to S3 by providing an AWS aws_access_key_id and the associated aws_secret_access_key.

Most common is to create a service account to provide these credentials.

Please find associated aws documentation here

The provided account must have permissions to read and write to the associated AWS S3 bucket.


Storing the AWS Credentials

As the 'jenkins' user on the target system, create /var/lib/jenkins/.aws (~/.aws as 'jenkins'), along with a .aws/config and .aws/credentials.

Examples:

$ whoami
jenkins

$ mkdir -p ~/.aws

$ : #Substitute your region for us-east-1 as needed:

$ cat <<EOF >> ~/.aws/config
[default]
region=us-east-1
output=json
EOF

$ : # Fill in the aws_access_key_id and aws_secret_access_key per your organization's AWS service account:

$ cat <<EOF >> ~/.aws/credentials
[default]
aws_access_key_id=<access key id associated with read+write access to the target S3 bucket per your Org>
aws_secret_access_key=<secret access key associated with the aws_access_key_id above>
notes="S3 Read+Write access for <your Org>"
EOF

Test

Make sure you can read, download from, and write to the target s3 bucket. From the system, try running:

echo "Testing view access:"
aws s3 ls s3://<your bucket>/<optional path>

echo "Testing write access:"
echo "Write me." > test.txt 
aws s3 cp test.txt s3://<your bucket>/<optional path>/text.txt   # --SSE AES256 # <--- uncomment that if encryption is required and your org uses the default AES256 
encryption. Or replace with other settings as needed.

echo "Testing download access:" 
aws s3 cp s3://<your bucket>/<optional path>/text.txt .