Provision Amazon S3 Buckets

Enable developers to provision Amazon S3 buckets in their deployments.

As a platform engineer, your role is pivotal in shaping the infrastructure landscape that developers navigate daily. You lay the foundation, ensuring that the right resources are available, secure, and performant. This tutorial dives deep into a key task you might often encounter: enabling developers to effortlessly provision Amazon S3 buckets within their deployments.

Amazon S3, one of the most versatile and widely-adopted storage solutions, is a critical resource for many applications. However, its seamless integration into application deployments requires a robust understanding and the right set of tools. Here, we’ll leverage the combined strengths of the Score CLI and the Humanitec Platform Orchestator to bridge the gap.

By the end of this guide, you’ll have a comprehensive understanding of setting up the necessary configurations and permissions that empower developers to include S3 resources in their deployments without compromising on security or complexity. Let’s ensure that our developers have the tools they need, with the confidence that they’re building on a rock-solid infrastructure foundation.

Prerequisites #

To get started with this tutorial, you’ll need:

• An AWS account with S3 permissions.
• A Humanitec account.
• An Application configured in the Platform Orchestrator. If you do not have one yet, follow the Application Deployment Tutorial or the Scaffolding tutorial.

Setup your Cloud Credentials #

To allow your developers to provision your Resources, you’ll need to set up your Cloud Credentials.

Platform engineer teams use Cloud Accounts to give developers access to resources like Amazon S3 Buckets.

In this section, you’ll learn to set up your Cloud Provider credentials through the Web UI.

1. Select Cloud Accounts and choose Amazon Web Services.
2. Enter the folllowing information:
   1. An account name.
   2. Access key id, for example AKIAIOSFODNN7EXAMPLE.
   3. Secrect access key, for example wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY.
3. Choose Authorize.

With this, you’re ready to create Resource Definitions for developers to request Amazon S3 Buckets.

Define an S3 Resource for development #

Follow these steps to create a reference to your Resource Definition, which allows developers to request resources for their Workloads.

1. From the Resource Management screen, select + Add resource definition.
2. Choose S3 bucket and from the Humanitec drivers choose s3.
   1. Name the resource ID s3-development.
   2. For Credentials select your AWS cloud account.
   3. For region choose a region that you want the Amazon S3 bucket to be provisioned in.
   4. Select Add S3 Bucket.
3. Select the newly created Resource Definition, choose Matching criteria and + Add new criteria.
   1. Choose Environment type and for Environment type Value, enter development.
   2. Select Save.

From now on, any Deployment to an environment of type development requesting a Resource of Type s3 will get an S3 bucket provisioned according to the s3-development Resource Definition we just created.

Cloning Environments #

Rather than having a single environment for all deployments, create distinct environments for each development stage. This section demonstrates cloning an Environment to change the Amazon S3 bucket provisioning region.

1. From the left-hand navigation menu, select Environment Types.
2. Enter a Type ID and a short description of the Environment.
   1. For example, production and production deployments.
3. Select Create to create the environment.
4. From the left-hand navigation menu, select Applications.
5. Select your application, and under Environments, select + Create new environment.
   1. Clone from Development to Production and enter an Environment ID Production.
   2. Select Create.

Cloning to a new Environment does not yet deploy the Workload to that Environment.

For more information and additional tooling options see Clone Environments.

Define an S3 Resource for production #

After defining your production Environment, configure Amazon S3 Buckets to be created close to your customers for production by adjusting the deployment region in a new Resource Definition for S3 buckets.

1. From the left-hand navigation menu, select Resource Management.
2. Select + Add resource definition.
3. Choose S3 bucket and from the Humanitec drivers choose s3.
   1. Name the resource ID s3-production.
   2. For Credentials select your AWS cloud account.
   3. For region choose a region that you want the Amazon S3 bucket to be provisioned in. Make sure it is different from the region of the s3-development Resource Definition.
   • The region serves as an example. The buckets may differ in other aspects in a real-world scenario.
   4. Select Add S3 Bucket.
4. Select the newly created Resource Definition, choose Matching criteria and + Add new criteria.
   1. Choose Environment type and for Environment type Value, enter production.
   2. Select Save.

From now on, any Deployment to an environment of type production requesting a Resource of Type s3 will get an S3 bucket provisioned according to the s3-production Resource Definition we just created.

Recap #

As a platform engineer we set up the Platform Orchestrator to provision S3 buckets in two different regions depending on the environment an Application is deployed into. We used two Resource Definitions for the same kind of Resource (s3), but with different matching criteria and with a different region setting.

As a developer we defined two Environments for an Application so that Deployments into those Environments may be performed, having the Platform Orchestrator provision different S3 buckets based on the Environment.

Cleaning Up #

Do not clean up if you want to continue utilizing the S3 Resource Definitions to actually provision some buckets. See Next Steps for successive tutorials to guide you through it.

Delete the Resource Definitions #

This will remove the ability for developers to request the resource, but will not delete any resources which might have been provisioned. For a deeper understanding, refer to Lifecycle of a Resource.

1. From the left-hand navigation menu, select Resource Management.
2. Find the s3-development Resource Definition and click the trashcan icon.
3. Review the resources that will be affected by this deletion.
   • If there are none, the Resource Definition can be deleted straight away. Select Delete.
   • If there are affected resources, enter the name of the Resource Definition for confirmation and select Delete.
     • The status should change to Pending deletion.Future deployments cannot use that Resource Definition.
     • The Resource Definition will be finally deleted as soon as it not have any active resources.
4. Repeat for the s3-production Resource Definition.

Delete the Environment #

1. From the left-hand navigation menu, select Applications.
2. Select your application, and under Environments, select production.
3. Select Delete environment and confirm with the trash can button.

Delete the Environment Type #

1. From the left-hand navigation menu, select Environment Types.
2. Find the production type and click its trash can icon.
3. Confirm with Delete.

Next Steps #

• See how the Platform Orchestrator provisions environment-specific S3 buckets for your Application in the Deploy an Amazon S3 Resource tutorial.