cStore will copy the configuration file into a specified AWS S3 Bucket.
CLI Flag | CLI Key | Description | Supports | File Key |
---|---|---|---|---|
-s |
aws-s3 |
All config values are stored in a single file. | * | /{config_context}/{file_path} , /{config_context}/{version}/{file_path} |
To authenticate with AWS, use one of the AWS methods.
Add terraform S3 Bucket and KMS Key files to the project's infrastructure.
Update terraform.tfvars to desired configuration.
Replace {APP}
with the project name and cStore will correctly auto-default the bucket option for the first file's initial push.
bucket_name = "{APP}-configs"
Add users to provide access to the bucket. IMPORTANT: Email addresses are case sensitive and roles must exist or the bucket will not be accessible or modifiable.
saml_role = app-devops"
saml_users = [
"User.Email@Org.com", # use role name, not arn
]
Add task roles to provide access to the bucket for running tasks.
app_roles = [
"app-role-dev", # use role name, not arn
]
Add iam users to provide access to the bucket for external service authenticating with secret access key.
iam_users = [
"svc-app-user-dev", # iam name, not arn
]
Authenticate and run terraform commands to create the S3 Bucket and KMS Key.
$ terraform init
$ terraform apply
The S3 Bucket store is now set up and ready to be used. cStore prompts for an S3 bucket name when pushing any file for the first time.
When pushing a version of the configuration file, multiple files will be created in S3 allowing different versions to be updated or managed independently.
With the initial configuration push to S3, encryption settings can be saved. To change these settings, re-push configuration with new encryption settings.