This project is a fork of a Maven Wagon for Amazon S3. In order to to publish artifacts to an S3 bucket, the user (as identified by their access key) must be listed as an owner on the bucket.
- original repo not maintained for a long time but we updated fork to the latest libs.
- we fixed some of issues that blocks others and us.
- no support from maintainers of original repo.
To publish Maven artifacts to S3 a build extension must be defined in a project's pom.xml. The latest version of the wagon can be found on the aws-maven page in Maven Central.
<project>
...
<build>
...
<plugins>
...
<plugin>
<groupId>com.github.poad</groupId>
<artifactId>aws-maven</artifactId>
<version>7.0.0</version>
<extensions>true</extensions>
</plugin>
...
</plugins>
...
</build>
...
</project>Once the build extension is configured distribution management repositories can be defined in the pom.xml with an s3:// scheme.
<project>
...
<distributionManagement>
<repository>
<id>aws-release</id>
<name>AWS Release Repository</name>
<url>s3://<BUCKET>/release</url>
</repository>
<snapshotRepository>
<id>aws-snapshot</id>
<name>AWS Snapshot Repository</name>
<url>s3://<BUCKET>/snapshot</url>
</snapshotRepository>
</distributionManagement>
...
</project>Finally the ~/.m2/settings.xml must be updated to include access and secret keys for the account. The access key should be used to populate the username element, and the secret access key should be used to populate the password element.
<settings>
...
<servers>
...
<server>
<id>aws-release</id>
<username>0123456789ABCDEFGHIJ</username>
<password>0123456789abcdefghijklmnopqrstuvwxyzABCD</password>
<configuration>
<wagonProvider>s3</wagonProvider>
</configuration>
</server>
<server>
<id>aws-snapshot</id>
<username>0123456789ABCDEFGHIJ</username>
<password>0123456789abcdefghijklmnopqrstuvwxyzABCD</password>
<configuration>
<wagonProvider>s3</wagonProvider>
</configuration>
</server>
...
</servers>
...
</settings>For being able to connect behind an HTTP proxy you need to add the following configuration to ~/.m2/settings.xml:
<settings>
...
<proxies>
...
<proxy>
<active>true</active>
<protocol>s3</protocol>
<host>myproxy.host.com</host>
<port>8080</port>
<username>proxyuser</username>
<password>somepassword</password>
<nonProxyHosts>www.google.com|*.somewhere.com</nonProxyHosts>
</proxy>
...
</proxies>
...
</settings>Alternatively, the access and secret keys for the account can be provided using (applied in order below)
aws.accessKeyIdandaws.secretKeysystem propertiesAWS_ACCESS_KEY_ID(orAWS_ACCESS_KEY) andAWS_SECRET_KEY(orAWS_SECRET_ACCESS_KEY) environment variablesaws_access_key_idandaws_secret_access_keyof aws cli- The Amazon EC2 Instance Metadata Service
This wagon doesn't set an explict ACL for each artifact that is uploaded. Instead you should create an AWS Bucket Policy to set permissions on objects. A bucket policy can be set in the AWS Console and can be generated using the AWS Policy Generator.
In order to make the contents of a bucket public you need to add statements with the following details to your policy:
| Effect | Principal | Action | Amazon Resource Name (ARN) |
|---|---|---|---|
Allow |
* |
ListBucket |
arn:aws:s3:::<BUCKET> |
Allow |
* |
GetObject |
arn:aws:s3:::<BUCKET>/* |
If your policy is setup properly it should look something like:
{
"Id": "Policy1397027253868",
"Statement": [
{
"Sid": "Stmt1397027243665",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<BUCKET>",
"Principal": {
"AWS": [
"*"
]
}
},
{
"Sid": "Stmt1397027177153",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::<BUCKET>/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}If you prefer to use the command line, you can use the following script to make the contents of a bucket public:
BUCKET=<BUCKET>
TIMESTAMP=$(date +%Y%m%d%H%M)
POLICY=$(cat<<EOF
{
"Id": "public-read-policy-$TIMESTAMP",
"Statement": [
{
"Sid": "list-bucket-$TIMESTAMP",
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::$BUCKET",
"Principal": {
"AWS": [
"*"
]
}
},
{
"Sid": "get-object-$TIMESTAMP",
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::$BUCKET/*",
"Principal": {
"AWS": [
"*"
]
}
}
]
}
EOF
)
aws s3api put-bucket-policy --bucket $BUCKET --policy "$POLICY"7.0.0- Update the dependencies
- Add support Java 21
6.0.8- fix for bucket region selection failure by @stutily in #420
- Update the dependencies
6.0.7- Bumps Maven Wagon Provider API to 3.5.0
6.0.6- Bumps log4j2 to 2.17.0
6.0.5- Bumps log4j2 to 2.15.0
6.0.4- Migrate Maven to Gradle
- Migrate Logger to Log4j2
6.0.3- Support proxy username, password, nonProxyHosts. (#8)
- Updated to the latest versions of aws-sdk.
6.0.2- Updated to the latest versions of aws-sdk.
6.0.1- Updated to the latest versions of aws-sdk.
- Supports Put to a private repository in PutObject as if not setting ACL。
6.0.0- Updated to the latest versions of aws-sdk and maven-wagon.
- Changed order of aws credential resolution strategy.
- Added support of all regions defined in aws-sdk.
Copyright 2018-Present Platform Team.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.