Purpose
This article gives the steps to mount an Amazon Web Service Simple Storage Service on CentOS or RHEL 6 over a VPC Endpoint.
Create IAM User
Create an IAM user that will be used to access S3 from your EC2 instances.
- Login to AWS web console
- Open IAM | Users
- Select Create New User
- Enter a user name
- i.e. s3user
- Copy generated access keys
- Set a complicated/long password for the user
OR You can use an IAM Role then include the role in the s3fs mount command
- iam_role (default is no role)
Create S3 Bucket
- Login to AWS web console
- Select Services | S3
- Create a S3 bucket
- mywebapp-uploads
- Add bucket policy to allow IAM User and VPC Endpoint access to all files inside the bucket.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
{ "Version": "2012-10-17", "Id": "wiki-uploads", "Statement": [ { "Sid": "allow-iam-user-readwrite", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::1234567890:user/s3user" }, "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:DeleteObjectVersion", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::wiki-uploads/*" }, { "Sid": "allow-vpce-read-bucket", "Effect": "Allow", "Principal": "*", "Action": [ "s3:ListBucket", "s3:ListBucketVersions" ], "Resource": "arn:aws:s3:::wiki-uploads", "Condition": { "StringEquals": { "aws:sourceVpce": "vpce-12345678" } } }, { "Sid": "allow-vpce-read-content", "Effect": "Allow", "Principal": "*", "Action": [ "s3:GetObject", "s3:GetObjectVersion" ], "Resource": "arn:aws:s3:::wiki-uploads/*", "Condition": { "StringEquals": { "aws:sourceVpce": "vpce-12345678" } } } ] } |
Install Dependencies
CentOS/RHEL/Amazon
1 |
yum install gcc libstdc++-devel gcc-c++ curl-devel libxml2-devel openssl-devel mailcap automake fuse-devel git libcurl-devel libxml2-devel make |
Ubuntu
1 |
sudo apt-get install automake autotools-dev g++ git libcurl4-gnutls-dev libfuse-dev libssl-dev libxml2-dev make pkg-config |
Install Latest Fuse
s3fs requires fuse >= 2.8.4. Default yum repo on CentOS 6 at the time of writing this pulls down fuse-2.8.3-4. So you’ll want to uninstall the repo fuse version and install the latest fuse from source. Amazon Linux default is high enough version
- Uninstall fuse
-
1yum erase fuse
-
- Download latest version
-
12cd /usr/src/wget http://downloads.sourceforge.net/project/fuse/fuse-2.X/2.9.4/fuse-2.9.4.tar.gz
-
- Extract tar
-
1tar xzf fuse-2.9.4.tar.gz
-
- Change to the extracted directory
-
1cd fuse-2.9.4
-
- Configure package
-
1./configure --prefix=/usr/local
-
- Compile and Install package
-
1234make && make installexport PKG_CONFIG_PATH=/usr/local/lib/pkgconfigldconfigmodprobe fuse
-
- Symlink fusermount to /usr/bin (Optional)
-
1ln -s /usr/local/bin/fusermount /usr/bin/fusermount
-
Install s3fs (Github)
- Download s3fs
- Change to the extracted directory
-
1cd s3fs-fuse
-
- Run Auto Generate Shell Script
-
1./autogen.sh
-
- Configure package
-
1./configure
-
- Compile and Install package
-
1make && make install
-
- Symlink s3fs to /usr/bin (Optional)
-
1ln -s /usr/local/bin/s3fs /usr/bin/s3fs
-
Install s3fs (Older Method)
- Download s3fs
- Extract tar
-
1tar -zxvf s3fs-1.74.tar.gz
-
- Change to the extracted directory
-
1cd s3fs-1.74
-
- Configure package
-
1./configure --prefix=/usr/local
-
- Compile and Install package
-
1make && make install
-
- Symlink s3fs to /usr/bin (Optional)
-
1ln -s /usr/local/bin/s3fs /usr/bin/s3fs
-
Install s3fs Libraries
- Edit /etc/ld.so.conf
-
1vim /etc/ld.so.conf
-
- Add this line to the top:
-
1/usr/local/lib/
-
- Rerun ldconfig
-
1ldconfig
-
Create Access Key File
Create a text file with the access keys.
-
-
12echo AWS_ACCESS_KEY_ID:AWS_SECRET_ACCESS_KEY > /etc/passwd-s3fschmod 600 /etc/passwd-s3fs
-
Setup Auto Mount (fstab)
-
-
123mkdir /tmp/cachemkdir /mnt/s3mntchmod 777 /tmp/cache /mnt
-
- Edit /etc/fstab
-
1vim /etc/fstab
-
- Add the following
-
1s3fs#<bucket> /mnt/s3mnt fuse allow_other,use_cache=/tmp/cache,uid=userid,gid=groupid 0 0
-
- Remount all in fstab
-
1mount -a
-