This is Yum plugin that lets you use private S3 buckets as package repositories. Plugin uses AWS Identity and Access Management (IAM) roles for authorization, so you do not need to enter your access/secret key pair anywhere in configuration.
What is IAM Role?
Roles can be assumed by AWS EC2 instances to gain special permissions. About how it works I suggest you dig through docs.
What is important for us: when you assign role to an EC2 instance, a constantly rotated (by AWS) access credentials become available for access within the instance. This means you don't need to store them anywhere, to change and/or rotate them, and you have a fine-grain control on what actions can be made using those credentials.
How-to set it up?
Read a great blog post by Jeremy Carroll which in depth explains how to use this plugin: S3 Yum Repos With IAM Authorization.
What's with the tests?
The tests will fail, except maybe for the aws signature generation test. And although this code successfully runs on a live machine, I would like some advice of how I could write tests for Yum plugin/AWS API consumer like this one.
Apache 2.0 license. See LICENSE.
- Henry Huang
- Julius Seporaitis
- Robert Melas' code was used as a reference. See NOTICE.