AWS Maven Wagon

This project is a fork from https://github.com/spring-projects/aws-maven to support development and operations at Very Good Security ( VGS ). No guarantees are made for support or updating the component, but as long as we are using it actively we will update it as we need it.

Building and deploying this wagon

mvn install

mvn deploy

Usage

To publish Maven artifacts to S3 a build extension must be defined in a project's pom.xml. The latest version of the wagon can be found on Maven Central public repository https://search.maven.org/

To get the dependency add to your pom:

<project>
  ...
  <build>
    ...
    <extensions>
      ...
      <extension>
      <groupId>io.vgs.tools</groupId>
      <artifactId>aws-maven</artifactId>
      <version>1.4.5</version>
      </extension>
      ...
    </extensions>
    ...
  </build>
  ...
</project>

This allows then using dependencies from s3 repositories as well as publish to s3 repositories.

Once the build extension is configured distribution management repositories can be defined in the pom.xml with an s3:// scheme.

<project>
  ...
  <distributionManagement>
    <repository>
      <id>aws-release</id>
      <name>AWS Release Repository</name>
      <url>s3://<BUCKET>/release</url>
    </repository>
    <snapshotRepository>
      <id>aws-snapshot</id>
      <name>AWS Snapshot Repository</name>
      <url>s3://<BUCKET>/snapshot</url>
    </snapshotRepository>
  </distributionManagement>
  ...
</project>

Finally the ~/.m2/settings.xml should be updated to include access and secret keys for the account. The access key should be used to populate the username element, and the secret access key should be used to populate the password element.

<settings>
  ...
  <servers>
    ...
    <server>
      <id>aws-release</id>
      <username>0123456789ABCDEFGHIJ</username>
      <password>0123456789abcdefghijklmnopqrstuvwxyzABCD</password>
    </server>
    <server>
      <id>aws-snapshot</id>
      <username>0123456789ABCDEFGHIJ</username>
      <password>0123456789abcdefghijklmnopqrstuvwxyzABCD</password>
    </server>
    ...
  </servers>
  ...
</settings>

Alternatively, the access and secret keys for the account can be provided using

AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY) environment variables
aws.accessKeyId and aws.secretKey system properties
The Amazon EC2 Instance Metadata Service
AWS-Profile ( Can be overridden with AWS_PROFILE variable )

For IAM Impersonation make sure your ~/.aws/credentials looks like this

[root]
aws_access_key_id = AKIAxxxx
aws_secret_access_key = asdfcvbn1234
[impersonated-profile]
role_arn = arn:aws:iam::1234567890:role/CrossAccountSignIn
source_profile = root

You can now install via AWS_PROFILE=impersonated-profile AWS_REGION=us-west-2 mvn clean install

Config precedence

Use environment variables if they exist
If environment variables don't exist, try to use config file

Making Artifacts Public

This wagon doesn't set an explict ACL for each artfact that is uploaded. Instead you should create an AWS Bucket Policy to set permissions on objects. A bucket policy can be set in the AWS Console and can be generated using the AWS Policy Generator.

In order to make the contents of a bucket public you need to add statements with the following details to your policy:

Effect	Principal	Action	Amazon Resource Name (ARN)
`Allow`	`*`	`ListBucket`	`arn:aws:s3:::<BUCKET>`
`Allow`	`*`	`GetObject`	`arn:aws:s3:::<BUCKET>/*`

If your policy is setup properly it should look something like:

{
  "Id": "Policy1397027253868",
  "Statement": [
    {
      "Sid": "Stmt1397027243665",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<BUCKET>",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    },
    {
      "Sid": "Stmt1397027177153",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::<BUCKET>/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}

If you prefer to use the command line, you can use the following script to make the contents of a bucket public:

BUCKET=<BUCKET>
TIMESTAMP=$(date +%Y%m%d%H%M)
POLICY=$(cat<<EOF
{
  "Id": "public-read-policy-$TIMESTAMP",
  "Statement": [
    {
      "Sid": "list-bucket-$TIMESTAMP",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::$BUCKET",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    },
    {
      "Sid": "get-object-$TIMESTAMP",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::$BUCKET/*",
      "Principal": {
        "AWS": [
          "*"
        ]
      }
    }
  ]
}
EOF
)

aws s3api put-bucket-policy --bucket $BUCKET --policy "$POLICY"

bryant-quist-vgs / aws-maven Goto Github PK

aws-maven's Introduction

AWS Maven Wagon

Building and deploying this wagon

Usage

Config precedence

Making Artifacts Public

aws-maven's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent