AWS: Configure S3 Artifacts

• Configuring S3 as an Artifact Source
  • Enable S3 Artifacts
  • Add S3 Account

Configuring S3 as an Artifact Source

If you want to use a file from S3 in your pipeline, you’ll need to configure S3 as an artifact source. This is how you would, for example, reference a Helm chart tarball for later use during deployment.

This is just a quick walkthrough of how to configure your Spinnaker to access an S3 bucket as a source of artifacts. Many of the configurations below have additional options that may be useful (or possibly required). If you need more detailed help, take a look at the Halyard command reference

Enable S3 Artifacts

If you haven’t done this yet (for example, if you’ve just installed Armory Spinnaker fresh), you’ll need to enable S3 as an artifact source:

• Operator

  Add the following snippet to SpinnakerService manifest:

    apiVersion: spinnaker.armory.io/v1alpha2
    kind: SpinnakerService
    metadata:
      name: spinnaker
    spec:
      spinnakerConfig:  
        config:
          features:
            artifacts: true
          artifacts:
            s3:
              enabled: true
  

• Halyard

    hal config features edit --artifacts true
    hal config artifact s3 enable
  

Add S3 Account

You only need to configure the S3 credentials as an account – all buckets that account has access to can be referenced after that.

• Operator

    apiVersion: spinnaker.armory.io/v1alpha2
    kind: SpinnakerService
    metadata:
      name: spinnaker
    spec:
      spinnakerConfig:  
        config:
          features:
            artifacts: true
          artifacts:
            s3:
              enabled: true
              accounts:
              - name: my-s3-account
                region: us-west-2 # S3 region
                awsAccessKeyId: ABCDEF01234... # Your AWS Access Key ID. If not provided, Spinnaker will try to find AWS credentials as described at http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default
                awsSecretAccessKey: abc        # Your AWS Secret Key. This field supports "encrypted" secret references (https://docs.armory.io/spinnaker-install-admin-guides/secrets/)
  

• Halyard

    hal config artifact s3 account add my-s3-account \
        --region us-west-2 \
        --aws-access-key-id ABCDEF01234... \
        --aws-secret-access-key # Will be prompted for this interactively
  

  NOTE: If you are running Armory 2.1.x or earlier, the AWS secrets configured with halyard above will not work as-is; you’ll want to create/edit the file ~/.hal/default/service-settings/clouddriver.yml and add the credentials as environment variables:

    env:
      AWS_ACCESS_KEY_ID: ABCDEF01234....
      AWS_SECRET_ACCESS_KEY: LXabcdef012345...
  

Detailed information on all command line options can be found here

Apply your changes with kubectl -n <spinnaker namespace> apply -f <SpinnakerService manifest> if using the Operator, or hal deploy apply if using Halyard.