DEVELOPMENT , JAVA , MAVEN

AWS S3 as Software Repository for Maven

abstract.

This article strives to tersely outline the minimum set of steps required to use AWS S3 as a build artifact software repository into you new / existing Java project. By using S3, I am not required to maintain and own a cluster of server instances for a larger solution such as Artifactory, Nexus, etc. Where possible, I will try to guide through automated approaches to managing the infrastructure required as to alleviate some administrative burden.

terraform.

I adore the trend of treating infrastructure-as-code. To that end, I try to manage as much as possible using Hashicorp’s Terraform. Below is a simple example of how TF can be used to create and maintain the S3 bucket you’ll use for build artifacts.

resource "aws_s3_bucket" "build_artifacts" {
  bucket = "maven.andasproperties.com"
  acl    = "private"

  versioning {
    enabled = false
  }
}

aws.

Having IAM administration being one of the most important aspects of AWS, I avoid allowing programmatic access. By choice, everything I do in IAM is very deliberate - which is scalable at the organization’s present size (under 10). Anything bigger and I’m likely to reverse my position. A single role for exclusively managing IAM will be my route for separation of responsibilities. That’s for another article.

The rough order of operations for AWS will be:

1. Create an IAM policy
2. Create an IAM group
3. Create an IAM user
4. Assign the new IAM user to the new IAM group

The IAM policy I’ve created is intended to have complete access to the releases bucket. This will mean that any user to which we assign this policy (via group membership) will be able to manage the entire resource. In the interest of security, you should only add users which need access to manage releases to the group.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::maven.andasproperties.com/*",
                "arn:aws:s3:::maven.andasproperties.com"
            ]
        }
    ]
}

maven.

Configuring Maven is fairly straight-forward from here. Simply modify the below to fit your project’s configuration.

<build>
    [...]
    <extensions>
        <extension>
            <groupId>org.kuali.maven.wagons</groupId>
            <artifactId>maven-s3-wagon</artifactId>
            <version>1.2.1</version>
        </extension>
    </extensions>
</build>

<!-- This section allows your Maven project to use other libraries, classes, etc. from your repo. --> 
<repositories>
    <repository>
        <id>maven.andasproperties.com</id>
        <url>s3://maven.andasproperties.com/release</url>
    </repository>
</repositories>

<!-- This section defines where your build artifacts will be "deploy"-ed to. -->
<distributionManagement>
    <repository>
        <id>maven.andasproperties.com</id>
        <url>s3://maven.andasproperties.com/release</url>
    </repository>
</distributionManagement>

Once you’ve gotten this far, it’s a simple matter of executing the Maven goals for you project. For simplicity, you can start with mvn clean deploy. Lycka till!


“How to Set Up a Private Maven Repository in Amazon S3” by Его́р Бугае́нко: https://www.yegor256.com/2015/09/07/maven-repository-amazon-s3.html

Terraform S3 documentation: https://www.terraform.io/docs/providers/aws/r/s3_bucket.html

Maven S3 Wagon Github repository: https://github.com/jcaddel/maven-s3-wagon