Amazon S3 Fileserver Backend
New in version 0.16.0.
This backend exposes directories in S3 buckets as Salt environments. To enable
this backend, add
s3fs to the
fileserver_backend option in the
Master config file.
fileserver_backend: - s3fs
S3 credentials must also be set in the master config file:
s3.keyid: GKTADJGHEIQSXMKKRBJ08H s3.key: askdjghsdfjkghWupUjasdflkdfklgjsdfjajkghs
Alternatively, if on EC2 these credentials can be automatically loaded from instance metadata.
This fileserver supports two modes of operation for the buckets:
A single bucket per environment
s3.buckets: production: - bucket1 - bucket2 staging: - bucket3 - bucket4
Multiple environments per bucket
s3.buckets: - bucket1 - bucket2 - bucket3 - bucket4
Note that bucket names must be all lowercase both in the AWS console and in
Salt, otherwise you may encounter
A multiple-environment bucket must adhere to the following root directory structure:
This fileserver back-end requires the use of the MD5 hashing algorithm. MD5 may not be compliant with all security policies.
This fileserver back-end is only compatible with MD5 ETag hashes in the S3 metadata. This means that you must use SSE-S3 or plaintext for bucket encryption, and that you must not use multipart upload when uploading to your bucket. More information here: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html
Objects without an MD5 ETag will be fetched on every fileserver update.
If you deal with objects greater than 8MB, then you should use the following AWS CLI config to avoid mutipart upload:
s3 = multipart_threshold = 1024MB
More info here: https://docs.aws.amazon.com/cli/latest/topic/s3-config.html