How to configure livepatch on-prem with AWS S3 patch storage

In an AWS EC2 deployment of livepatch on-prem, it makes sense to use S3 for patch storage if the expected number of client machines is high (over 2000).

To configure this, follow these steps:
1. Create an S3 bucket in the preferred region (ideally the same region as the deployment’s). Make sure the bucket is not world-writable, as this would pose a significant security risk.
2. Create an access point with permissions to perform operations on that S3 bucket.
3. Create a programmatic IAM user account with permissions to perform S3 operations.
4. Run the following juju command:

$ juju config livepatch patchstore=s3 \
             s3_secret_key=<IAM user secret key> \
             s3_access_key_id=<IAM user key id> \
             s3_bucket=<S3 bucket name> \
             s3_region=<S3 bucket region name> \
             s3_endpoint=s3.<region-name>.amazonaws.com

Once this is configured, livepatch will store and retrieve patch files from the S3 bucket.

A further improvement is to configure livepatch on-prem to serve patches directly from the S3 bucket. For that, public HTTP access to the bucket needs to be allowed, and the following juju command needs to be run:

$ juju config livepatch url_template='https://<bucket>.s3-<region>.amazonaws.com/{filename}'
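The bucket warning in step 1 and the public HTTP access needed for direct serving pull in opposite directions, so it is worth checking that the bucket stays publicly readable without becoming publicly writable. The following is an added example, not part of the livepatch documentation or tooling: a small audit of a bucket policy and ACL grants, where the function name, the sample policies and the bucket name `example-livepatch-patches` are constructed for illustration.

```python
import json

# ACL grantee groups that mean "anyone" / "any AWS account".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
WRITE_ACL_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_public(principal):
    # "*" or {"AWS": "*"} (alone or in a list) means anyone.
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return "*" in _as_list(principal)

def world_writable_findings(policy_json, acl_grants):
    """Return reasons the bucket is writable by the public (empty list = none).
    Conservative: Condition blocks are ignored; only Get*/List* count as read."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_public(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "?")
        if "NotAction" in stmt:  # grants everything except the listed actions
            findings.append(f"policy {sid}: public NotAction")
        for action in _as_list(stmt.get("Action", [])):
            if not action.lower().startswith(("s3:get", "s3:list")):
                findings.append(f"policy {sid}: public {action}")
    for grant in acl_grants:
        uri = grant["Grantee"].get("URI")
        if uri in PUBLIC_GROUPS and grant["Permission"] in WRITE_ACL_PERMS:
            findings.append(f"acl: {grant['Permission']} for {uri}")
    return findings

# Constructed samples; "example-livepatch-patches" is a placeholder bucket name.
READ_ONLY_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadPatches", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-livepatch-patches/*"}]})
BAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "TooBroad", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-livepatch-patches/*"}]})
BAD_ACL = [{"Grantee": {"Type": "Group",
            "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
            "Permission": "WRITE"}]
```

To audit a real bucket, pass the `Policy` string returned by `aws s3api get-bucket-policy` and the `Grants` list returned by `aws s3api get-bucket-acl`.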

This page was last modified 1 year, 28 days ago.