how to use a private yum repo on amazon-s3 to provision amazon-ec2 instances?

Question

My fantasy is to be able to spin up a standard AMI, load a tiny script and end up with a properly configured server instance.

Part of this is that I would like to have a PRIVATE yum repo in S3 that would contain some proprietary code.

It seems that S3 wants you to either be public or use AMZN's own special flavor of authentication.

Is there any way that I can use standard HTTPS + either Basic or Digest auth with S3? I'm talking about direct references to S3, not going through a web-server to get to S3.

If the answer is 'no', has anyone thought about adding AWS Auth support to yum?

Answer 1

The code in cgbystrom's git repo is an expression of intent rather than working code.

I've made a fork and gotten things working, at least for us, and would love for someone else to take over.

https://github.com/rmela/yum-s3-plugin

Answer 2

You can certainly use Amazon S3 to host a private Yum repository. Instead of fiddling with authentication, you could try a different route: limit access to your private S3 bucket by IP address. This is entirely supported, see the S3 documentation.

A second option is to use a Yum plug-in that provides the necessary authentication. Seems like someone already started working on such a plug-in: https://github.com/cgbystrom/yum-s3-plugin.

Answer 3

I'm not aware that you can use non-proprietary authentication with S3, however we accomplish a similar goal by mounting an EBS volume to our instances once they fire up. You can then access the EBS volume as if it were part of the local file system.

We can make changes to EBS as needed to keep it up to date (often updating it hourly). Each new instance that mounts the EBS volume gets the data current as of the mount time.