Provided by: apt-transport-s3_2.2.1-1_all

NAME

DESCRIPTION

       apt-transport-s3 is a package containing an apt transport ('plugin') that allows apt to fetch files
       stored in private repositories held on AWS S3.

Bucket name

       To work with this transport over TLS, the bucket name can NOT contain dots, in line with the S3 bucket
       naming convention. More information can be found at
       https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html

AWS Credentials

       To access repositories held on S3 it is compulsory to have the correct permissions on the bucket where
       the repository is located, and those permissions have to be reflected in at least one of the two places
       below.

       IAM Roles: the default place where the S3 transport looks for credentials allowing it to fetch files
       from the S3 bucket

Configuration

       /etc/apt/s3auth.conf or an IAM role
       (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html) can provide the
       credentials required for using private apt repositories.

       NOTE: Region MUST match the region the buckets are stored in. If it is not defined, the transport will
       try to fetch it from the metadata service.

       Setting Endpoint allows for using providers other than Amazon AWS.  If set, Endpoint disregards Region.

Example of s3auth.conf file:

              AccessKeyId     = myaccesskey
              SecretAccessKey = mysecretaccesskey
              Region          = 'us-east-1'
              Endpoint        = 'nyc3.digitaloceanspaces.com'
              PathStyle       = True

Minimal IAM policy for accessing repository

              {
                  "Version": "2012-10-17",
                  "Statement": [
                      {
                          "Sid": "VisualEditor0",
                          "Effect": "Allow",
                          "Action": [
                              "s3:GetObject",
                              "s3:ListBucket"
                          ],
                          "Resource": [
                              "arn:aws:s3:::[BUCKET_ID]/*",
                              "arn:aws:s3:::[BUCKET_ID]"
                          ]
                      }
                  ]
              }

Usage

       Install  the  .deb  package  from  the releases page.  The bucket repo should be specified using an s3://
       prefix, for example:

       deb s3://aptbucketname/repo/ trusty main contrib non-free

       If you need to use a proxy to connect to the internet, you can specify it as an APT configuration
       directive (for example in /etc/apt/apt.conf.d/90apt-transport-s3):

       Acquire::http::Proxy "http://myproxy:3128/";

       The name of the bucket hosting the repo can not contain dots, as this (according to the AWS S3 naming
       convention (https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html)) will invalidate
       TLS certificates for virtual-host-style paths.
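
       The dotted-bucket restriction above, as an added example (not part of apt-transport-s3): it extracts
       bucket names from sources.list entries and checks whether the virtual-host-style hostname still matches
       a single-label wildcard certificate. The certificate pattern *.s3.<region>.amazonaws.com, the default
       region and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumed wildcard name on the regional S3 endpoint certificate (illustrative).
WILDCARD = "*.s3.{region}.amazonaws.com"

def wildcard_matches(pattern, hostname):
    """Match a certificate wildcard name: '*' covers exactly one DNS label."""
    p_labels = pattern.lower().split(".")
    h_labels = hostname.lower().split(".")
    if len(p_labels) != len(h_labels):
        return False  # extra labels (dots in the bucket name) can never match
    return all((p == "*" and h != "") or p == h
               for p, h in zip(p_labels, h_labels))

def s3_buckets(sources_text):
    """Yield (line_no, bucket) for every s3:// entry in sources.list text."""
    for no, line in enumerate(sources_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith(("deb ", "deb-src ")):
            continue
        m = re.search(r"\ss3://([^/\s]+)", line)
        if m:
            yield no, m.group(1)

def audit(sources_text, region="us-east-1"):
    """Return a list of (line_no, bucket, host, tls_ok) tuples."""
    pattern = WILDCARD.format(region=region)
    results = []
    for no, bucket in s3_buckets(sources_text):
        host = f"{bucket}.s3.{region}.amazonaws.com"  # virtual-host style
        results.append((no, bucket, host, wildcard_matches(pattern, host)))
    return results

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# private repos
deb s3://aptbucketname/repo/ trusty main contrib non-free
deb s3://apt.example.internal/repo/ trusty main
deb [arch=amd64] s3://my-s3-repository/project-a/ trusty main
deb http://archive.ubuntu.com/ubuntu trusty main
"""

if __name__ == "__main__":
    for no, bucket, host, ok in audit(SAMPLE):
        status = "ok" if ok else "TLS name mismatch"
        print(f"line {no}: {bucket!r} -> {host}: {status}")
```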

   Testing
       The module will run in interactive mode.  It accepts messages on stdin and writes output to stdout.  The
       messages it accepts on stdin are in the following format and are documented here
       (http://www.fifi.org/doc/libapt-pkg-doc/method.html/index.html#abstract).

              600 URI Acquire
              URI:s3://my-s3-repository/project-a/dists/trusty/main/binary-amd64/Packages
              Filename:Packages.downloaded
              Fail-Ignore:true
              Index-File:true

       This message will trigger an s3 get from the above bucket and key and save it to Filename.   It  needs  a
       blank line after the message to trigger the processing by the s3 method.

Contribution

       If you want to contribute a patch via PR, please create it against the development branch.  Patches via
       email are welcome as well.

                                                 October 7, 2024                             APT-TRANSPORT-S3(8)