-
Notifications
You must be signed in to change notification settings - Fork 38
Managing S3 services in Cloud.gov
#Login to cloud.gov
cf login -sso
#Target a space to create the S3 service, such as dev
cf target -s [SPACE]
#Create a public bucket
cf create-service s3 basic-public [SERVICE_NAME]
#Create service key for the bucket
cf create-service-key [SERVICE_NAME] [SERVICE_NAME_KEY]
cf service-key [SERVICE_NAME] [SERVICE_NAME_KEY]
#Set bucket credentials locally from keys retrieved, unset these keys when you’re done using them
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=
export BUCKET_NAME=
export AWS_DEFAULT_REGION=
#Create a new bucket cors.json file and use these open rules
{
"CORSRules": [
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"HEAD",
"GET"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [
"ETag"
]
}
]
}
#Upload the CORS policy to the bucket (you’ll need the AWS CLI). If you do not have AWS CLI installed, follow these instructions to install on command line: https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-mac.html#cliv2-mac-install-cmd-all-users
aws s3api put-bucket-cors --bucket $BUCKET_NAME --cors-configuration file://cors.json
#Query for CORS that was just put up and confirm they are there and correct
aws s3api get-bucket-cors --bucket $BUCKET_NAME
#Test upload of a file. Example below.
aws s3 cp /[path-to-file]/[page-name].html s3://${BUCKET_NAME}/[page-name].html
#Set up the S3 as a public website. #Accessible via: http://[$BUCKET_NAME].s3-website-us-gov-west-1.amazonaws.com/[page_name].html
aws s3 website s3://${BUCKET_NAME}/ --region us-gov-west-1 --index-document index.html --error-document error.html
http://$BUCKET-NAME.s3-us-gov-west-1.amazonaws.com/index.html
#You must delete the contents of the bucket first. If you do not, the delete of the service will fail.
#Delete the service key
cf delete-service-key [SERVICE_NAME] [SERVICE_NAME_KEY]
#Delete the service
cf delete-service [SERVICE_NAME]
- List all s3 services
cf services | grep s3 - Unbind and Bind all applications to the service: fec-s3-snapshot
Ex:cf unbind-service YOUR-APPLICATION YOUR-SERVICE
cf bind-service YOUR-APPLICATION YOUR-SERVICE
cf unbind-service celery-beat fec-s3-snapshot
cf unbind-service celery-worker fec-s3-snapshot
cf unbind-service api fec-s3-snapshot
cf bind-service celery-beat fec-s3-snapshot
cf bind-service celery-worker fec-s3-snapshot
cf bind-service api fec-s3-snapshot
- Unbind and bind all applications to the service: fec-s3-api
cf unbind-service celery-beat fec-s3-api
cf unbind-service celery-worker fec-s3-api
cf unbind-service api fec-s3-api
cf bind-service celery-beat fec-s3-api
cf bind-service celery-worker fec-s3-api
cf bind-service api fec-s3-api
-
Restage the applications that bind to fec-s3-snapshot and fec-s3-api
rerun the latest openFEC project build in circleci on develop/release/master branches(without downtime)
OR
cf restage api(causes downtime) -
Unbind and bind all applications to the service: content-s3
cf unbind-service cms content-s3
cf unbind-service s3-app content-s3
cf bind-service cms content-s3
cf bind-service s3-app content-s3
-
Restage the applications that bind to content-s3
rerun the latest fec-cms project build in circleci on develop/release/master branches(without downtime)
OR
cf restage cms(causes downtime) -
To list service keys for a service instance:
cf service-keys <service_name>
cf service-keys fec-s3-snapshot
cf service-keys fec-s3-api
cf service-keys content-s3
- To show the service key details, use
cf service-key <service_name> <my_service_key>
cf service-key fec-s3-snapshot fec-s3-snapshot-key
cf service-key fec-s3-api fec-s3-api-key
cf service-key content-s3 content-s3-key
- Delete service keys:
cf delete-service-key fec-s3-snapshot fec-s3-snapshot-key
cf delete-service-key fec-s3-api fec-s3-api-key
cf delete-service-key content-s3 content-s3-key
- Create service keys:
cf create-service-key fec-s3-snapshot fec-s3-snapshot-key
cf create-service-key fec-s3-api fec-s3-api-key
cf create-service-key content-s3 content-s3-key