
Configuring local CC to run with an S3 blobstore

Tim Hausler edited this page Mar 30, 2017 · 1 revision

Every once in a while, interesting scenarios arise on an S3 blobstore used by our cf deployments on tabasco or A1. It can be useful to configure a local instance of Cloud Controller to point at the blobstore in question. This strategy can be used to:

  • Examine the state of the blobstore using the Cloud Controller console. This can be achieved by running the console directly from the workstation. From the cloud_controller_ng directory, open config/cloud_controller.yml and change each of the fog_connection sections to point at the desired S3. This configuration can be found in the deployments-runtime, likely in a stub file. It should look something like:
fog_connection:
  provider: "AWS"
  aws_access_key_id: <ACCESS KEY>
  aws_secret_access_key: <SECRET KEY>

Once this is configured, run bin/console to start CC. lib/cloud_controller/dependency_locator.rb contains several examples of initializing the blobstore client, depending on what you'd like to investigate.

  • Deploy to bosh-lite using S3 as the blobstore. This can be useful when you want to test a blobstore-related feature by hitting CF from the CLI, or see its state over the course of a long operation, e.g. the app lifecycle. After generating a bosh-lite manifest, replace the fog_connection sections to point at the desired S3. This configuration can be found in the deployments-runtime, likely in a stub file. It should look something like:
fog_connection:
  provider: "AWS"
  aws_access_key_id: <ACCESS KEY>
  aws_secret_access_key: <SECRET KEY>

Then, deploy to bosh-lite as usual. You should be able to open S3 in the browser and watch as things happen to your buckets.

Setting Server Side Encryption on AWS

Set the following property on any of the resources you want encrypted in your manifest:

fog_aws_storage_options:
   encryption: 'AES256'

You can verify that the files were encrypted in the AWS Console by checking the 'Properties' of the file in the bucket. For more info on SSE, check out our docs!
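Before deploying, the manifest itself can be checked so that no AWS-backed resource is left without the encryption option. The script below is an added example, not part of Cloud Controller or of the original page: it walks a manifest and lists every section that has an AWS fog_connection but no `encryption: 'AES256'`. It assumes fog_aws_storage_options sits beside fog_connection under each resource; the sample manifest, its key values and the helper names are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample manifest fragment (not from a real deployment).
# Assumption: fog_aws_storage_options sits beside fog_connection in each resource.
SAMPLE_MANIFEST = <<~MANIFEST
  properties:
    cc:
      buildpacks:
        fog_connection:
          provider: "AWS"
          aws_access_key_id: EXAMPLE-KEY-ID
          aws_secret_access_key: EXAMPLE-SECRET
        fog_aws_storage_options:
          encryption: 'AES256'
      droplets:
        fog_connection:
          provider: "AWS"
          aws_access_key_id: EXAMPLE-KEY-ID
          aws_secret_access_key: EXAMPLE-SECRET
      packages:
        fog_connection:
          provider: "Local"
          local_root: /tmp/blobs
MANIFEST

# Recursively collect every hash that carries a fog_connection key, keyed by its path.
def blobstore_sections(node, path = [], found = {})
  case node
  when Hash
    found[path.join('.')] = node if node.key?('fog_connection')
    node.each { |key, value| blobstore_sections(value, path + [key.to_s], found) }
  when Array
    node.each_with_index { |value, i| blobstore_sections(value, path + [i.to_s], found) }
  end
  found
end

# Return the paths of AWS-backed sections whose SSE option is missing or not AES256.
def sections_missing_sse(manifest_yaml)
  manifest = YAML.safe_load(manifest_yaml) || {}
  blobstore_sections(manifest).select do |_path, section|
    conn = section['fog_connection']
    next false unless conn.is_a?(Hash) && conn['provider'].to_s.casecmp?('AWS')
    opts = section['fog_aws_storage_options']
    !(opts.is_a?(Hash) && opts['encryption'] == 'AES256')
  end.keys
end

puts sections_missing_sse(SAMPLE_MANIFEST) if $PROGRAM_NAME == __FILE__
```

This checks only what the manifest requests; the 'Properties' view in the AWS Console remains the confirmation that stored objects were actually encrypted.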
