Mounting Your Own Cloud Storage With Cloud Mounter and AWS
Published: Nov 28, 2023
Last updated: Nov 28, 2023
Introduction
My partner and I have a few side projects that rely on storage of large video files. After one too many hard drives failed over time, I decided that we would opt for moving things to cloud storage.
That being said, there were a few issues with doing this using out-of-the-box solutions:
- Options like iCloud and Google Drive are not cost-effective for the amount of storage we need.
- There was a limit to the amount of storage we could get on a single account.
That being said, we wanted a way to mount storage directly on our machines like we do with external hard drives. This would allow us to use the storage as if it were a local drive.
I was already trialling out SetApp for subscriptions on my Mac, with one such app being Cloud Mounter, an app which fulfills our need of mounting the S3 bucket as a remote drive.
This post will cover how I set up the S3 bucket using AWS CDK and mounted it using Cloud Mounter.
Prerequisites
- Working knowledge of AWS CDK.
- Working knowledge of AWS S3.
- Working knowledge of TypeScript.
- Install Node.js and npm (Node Package Manager). AWS CDK requires Node.js. You can download it from the Node.js official website.
- If you also want to use CloudMounter, ensure you have a SetApp subscription or have purchased CloudMounter.
This guide will walk you through the steps to set up a new application using the AWS Cloud Development Kit (CDK) in TypeScript, then we will add an S3 bucket that we can mount using Cloud Mounter.
Installation Steps
1. Install AWS CDK
Install the AWS CDK globally using npm:
npm install -g aws-cdk
2. Set Up AWS Credentials
Ensure your AWS credentials are configured:
- Install the AWS CLI.
- Run aws configure and enter your AWS Access Key ID, Secret Access Key, and default region.
For what it's worth, I use aws-vault to store my different AWS account credentials and work from there.
3. Create a New CDK Project
Create a new CDK project in TypeScript:
# First, create a folder for your project
mkdir mac-cloud-storage-s3-cdk-app
cd mac-cloud-storage-s3-cdk-app

# Initialise the AWS CDK stack
cdk init app --language typescript

# or using npx
npx aws-cdk@latest init app --language typescript
At the time of writing, I am using aws-cdk@2.111.0.
Development
1. Explore and Modify Your CDK App
- The main file for defining AWS resources is lib/<your-project-name>-stack.ts.
If you followed the same project folder name that I did, you will find the code within lib/mac-cloud-storage-s3-cdk-app-stack.ts.
2. Bootstrap Your AWS Environment (if necessary)
Bootstrap your environment to set up an S3 bucket for storing assets:
npx cdk bootstrap
3. Deploy Your CDK App
We are not ready quite yet, but you could now deploy your AWS CDK app by running:
npx cdk deploy
Configuring the S3 Bucket and credentials
Update the code in lib/mac-cloud-storage-s3-cdk-app-stack.ts to the following:
import * as cdk from "aws-cdk-lib";
import { Construct } from "constructs";
import * as s3 from "aws-cdk-lib/aws-s3";
import * as iam from "aws-cdk-lib/aws-iam";

export class MacCloudStorageS3CdkAppStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const bucket = new s3.Bucket(this, "IntelligentTieringBucket", {
      lifecycleRules: [
        {
          id: "IntelligentTieringRule",
          enabled: true,
          transitions: [
            {
              storageClass: s3.StorageClass.INTELLIGENT_TIERING,
              transitionAfter: cdk.Duration.days(0), // Transition immediately to Intelligent-Tiering
            },
          ],
        },
      ],
    });

    const user = new iam.User(this, "MyBucketUser");

    // Policy allowing access to the specific bucket
    const bucketPolicy = new iam.PolicyStatement({
      actions: ["s3:*"],
      resources: [bucket.bucketArn, `${bucket.bucketArn}/*`],
      effect: iam.Effect.ALLOW,
    });

    // Attach the policy to the user
    user.addToPolicy(bucketPolicy);

    // Output the username
    new cdk.CfnOutput(this, "UserNameOutput", {
      value: user.userName,
      description: "The name of the IAM user",
    });

    // Output the bucket name
    new cdk.CfnOutput(this, "BucketNameOutput", {
      value: bucket.bucketName,
      description: "The name of the S3 bucket",
    });
  }
}
The construct has comments jotted throughout to denote what is happening, but as a summary:
- We create a new S3 bucket with a lifecycle rule that will transition files to the Intelligent-Tiering storage class immediately.
- We create a new IAM user and attach a policy that allows every S3 action (s3:*) on the bucket and its objects.
- We output the username and bucket name to the console.
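The s3:* grant above also covers bucket administration (policy, ACL, lifecycle, deletion), which a storage-only user does not need. The following is an added example, not code from the original post or from the CDK: a self-contained TypeScript check that audits a statement like the one in the stack and builds a narrower replacement. The action lists, the placeholder ARN and all function names are assumptions for illustration; confirm the minimum set against your own mount client.

```typescript
type Statement = { Effect: "Allow" | "Deny"; Action: string[]; Resource: string[] };

// Assumption: the minimum a mounted drive needs to browse, read, write and delete.
const BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"];
const OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"];

// Illustrative subset of bucket-administration actions a storage-only user should not hold.
const ADMIN_ACTIONS = [
  "s3:PutBucketPolicy", "s3:PutBucketAcl", "s3:DeleteBucket",
  "s3:PutBucketPublicAccessBlock", "s3:PutLifecycleConfiguration",
];

// IAM action patterns are case-insensitive; "*" matches any run, "?" one character.
function actionMatches(pattern: string, action: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = "^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$";
  return new RegExp(source, "i").test(action);
}

// Report wildcard actions and any administrative action an Allow statement reaches.
function auditStatement(stmt: Statement): string[] {
  const findings: string[] = [];
  if (stmt.Effect !== "Allow") return findings;
  for (const pattern of stmt.Action) {
    if (pattern.indexOf("*") !== -1) findings.push(`wildcard action ${pattern}`);
    for (const admin of ADMIN_ACTIONS) {
      if (actionMatches(pattern, admin)) findings.push(`${pattern} grants ${admin}`);
    }
  }
  return findings;
}

// Bucket-level actions apply to the bucket ARN, object-level actions to "<arn>/*".
function scopedStatements(bucketArn: string): Statement[] {
  return [
    { Effect: "Allow", Action: BUCKET_ACTIONS, Resource: [bucketArn] },
    { Effect: "Allow", Action: OBJECT_ACTIONS, Resource: [`${bucketArn}/*`] },
  ];
}

// Constructed sample: the stack's statement, with a placeholder bucket ARN.
const SAMPLE_ARN = "arn:aws:s3:::example-bucket";
const original: Statement = { Effect: "Allow", Action: ["s3:*"], Resource: [SAMPLE_ARN, `${SAMPLE_ARN}/*`] };

console.log(auditStatement(original));
for (const stmt of scopedStatements(SAMPLE_ARN)) console.log(stmt.Action, auditStatement(stmt));
```

In the stack, the two scoped statements correspond to two iam.PolicyStatement objects carrying the same actions and resources in place of the single s3:* statement.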
Generating Credentials For The Created User
In AWS, best practices dictate that you should never display or expose IAM user credentials (like Access Keys) in clear text, especially in your infrastructure code or logs. This is to maintain security and prevent unauthorized access.
However, if you need to create and retrieve IAM user credentials, such as for a newly created user in an automated fashion, you can do this carefully through the AWS Management Console or programmatically using the AWS SDK or CLI. Here's a general approach:
Using AWS Management Console
Navigate to IAM: Log into the AWS Management Console and go to the IAM service.
Find the User: Go to the 'Users' section and find the user you created.
Create Access Key:
- Select the user.
- In the 'Security credentials' tab, you can create an access key by clicking the "Create access key" button.
- This will provide you with the Access Key ID and Secret Access Key. Make sure to download or copy these credentials, as the Secret Access Key won't be shown again.
Using AWS CLI or SDK
Install AWS CLI or SDK: If not already installed, install the AWS CLI or configure the AWS SDK in your preferred programming language.
Use CLI or SDK to Create Access Key:
- With the AWS CLI, you can run a command to create a new access key for a user.
- The command aws iam create-access-key --user-name <username> will output the Access Key ID and Secret Access Key.
- Programmatically, you can use the corresponding function in the AWS SDK of your choice.
Handling Credentials Securely
- Never Hardcode Credentials: Avoid hardcoding credentials in your code or CDK scripts.
- Store Securely: If you must store these credentials, use a secure method like AWS Secrets Manager or another encrypted storage solution.
- Use IAM Roles: For applications running on AWS services (like EC2, Lambda), prefer to use IAM roles for granting permissions. This avoids the need to manage and rotate access keys.
CDK Consideration
AWS CDK does not have built-in mechanisms to handle the creation and retrieval of IAM user credentials because of the security implications. You should handle such operations outside of your infrastructure as code, ensuring that any sensitive data is securely managed.
Follow whichever approach works best, but in my case, I simply used the CLI to generate the credentials and jotted them down somewhere safe for the next part.
Connecting Using CloudMounter
The final part is quite trivial.
Open CloudMounter and you will see a screen like the following:
[Image: CloudMounter]
Click on the + button and select Amazon S3 from the list of options. This will lead you to a screen where you can input the bucket name, username, access key and secret key.
[Image: CloudMounter S3 option]
Once you have filled in the details, click Mount and you will be able to access the bucket as if it were a local drive through Finder.
[Image: CloudMounter drive on Finder]
You now have a connection to the S3 drive that you can use as external storage. Happy days!
Final Considerations
- AWS CDK uses AWS CloudFormation to provision resources.
- Be aware of AWS costs associated with the resources you deploy.
- If you know the expectation or lifecycle of the resources you create, you can set up a deletion policy to automatically delete resources or manually handle transitions instead of the intelligent tiering.
If you do not require the stack that we created today, be sure to tear it down with cdk destroy.
Photo credit: boliviainteligente