aptly could be configured to publish repository directly to Amazon S3 (or S3-compatible cloud storage). First, publishing endpoints should be described in aptly configuration file. Each endpoint has name and associated settings:
region: Amazon region for S3 bucket (e.g. us-east-1)bucket: bucket nameendpoint: (optional) when using S3-compatible cloud storage, specify hostname of service endpoint here,
region is ignored if endpoint is set (set region to some human-readable name)
(should be left blank for real Amazon S3)prefix: (optional) do publishing under specified prefix in the
bucket, defaults to no prefix (bucket root)acl: (optional) assign ACL to published files (one of the canned
ACLs in Amazon terminology). Useful values: private (default),
public-read (public repository) or none (don’t set ACL). Public repositories could be
consumed by apt using HTTP endpoint (Amazon bucket should be
configured for “website hosting”), for private repositories special
apt S3 transport is required.awsAccessKeyID, awsSecretAccessKey: (optional) Amazon
credentials to access S3 bucket. If not supplied, environment
variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are used.storageClass: (optional) Amazon S3 storage class, defaults to STANDARD. Other values
available: REDUCED_REDUNDANCY (lower price, lower redundancy)encryptionMethod: (optional) server-side encryption method, defaults to none. Currently
the only available encryption method is AES256plusWorkaround: (optional) workaround misbehavior in apt and Amazon S3
(see bug) by
creating two copies of package files with + in filename: one original
and another one with spaces instead of plus signsdisableMultiDel: (optional) for S3-compatible cloud storages which do not support MultiDel S3 API,
enable this setting (file deletion would be slower with this setting enabled)forceSigV2: (optional) disable Signature V4 support, useful with non-AWS S3-compatible object stores
which do not support SigV4, shouldn’t be enabled for AWSdebug: (optional) enables detailed request/response dump for each S3 operationS3 bucket used for publishing should be empty initially and should not
be used to store other data, as aptly might remove objects while doing
cleanup operation. If prefix is configured, bucket should be empty
under the prefix (aptly won’t touch any objects outside prefix).
In order to publish to S3, specify endpoint as s3:endpoint-name:
before publishing prefix on the command line, e.g.:
$ aptly publish snapshot wheezy-main s3:test:
Or, with prefix:
$ aptly publish snapshot wheezy-main s3:test:debian/
If you would like to publish public repository to Amazon S3, create
bucket, enable website hosting option at Amazon console. Specify bucket
name, region and access keys in aptly configuration under
S3PublishEndpoints. Use public-read as value for acl parameter.
Published repository could be added to /etc/apt/sources.list by using
public HTTP URL, like any other HTTP repository.
For accessing S3 based private repositories apt-transport-s3 should be used. Package providing this functionality is available in Ubuntu 15.04 and Debian Strech (currently Jessie+1). For information how to use it read docs on project website or read the man page (apt-transport-s3(8)).
Other options like apt-s3 are also
available to use. Please don’t enable website hosting option and use
private as value for acl parameter.
Install apt-transport-s3,
apt-s3 or any other similar tool to
enable s3:// transport in apt.
It is recommended to setup separate user in Amazon IAM for publishing to
S3. This user would have access only to one bucket for publishing and
limited operations. Sample policy (change bucket to match you bucket
name):
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1405592139000",
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::bucket/*", "arn:aws:s3:::bucket"
]
}
]
}