# aws
s
Hi all, we have a requirement where I have to use an S3 bucket as a Debian repository (client access server for the repository). The options we found are:
1. Use the S3 bucket with static website hosting, but the problem with this option is that it can only be used over HTTP.
2. The other option is to use CloudFront, which can be used for HTTPS.
Our problem is that with both options the S3 bucket will be public, and we don't want everyone to access our repository. We tried API Gateway mutual TLS (https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/) but it is not working for us. We also followed this link (https://www.rapyder.com/blogs/static-website-authentication-using-lambda/#:~:text=Configuring%20Cloudfront%20for%20S3%20website,click%20on%20Create%20new%20Identity); here authentication is happening only through the browser, and we need something like CLI auth. Is there any way or method to add authentication for the Debian repository or S3 bucket, so that only authorized systems can download the package? Thanks in advance.
a
> 2. Other option is to use CloudFront, which can be used for HTTPS
> Our problem is that with both options the S3 bucket will be public, and we don't want everyone to access our repository.

You can configure an S3 bucket without public access to be the origin for a CloudFront distribution, using a "CloudFront access origin identity". It sounds like that is what you want to do.
l
You could also use a service like https://cloudsmith.com and we'll take care of it for you, including handling authentication and things like per-customer access keys for private distribution. See the #C01CTC4PXC1 channel for some more information (we power hosting for Cloud Posse behind the scenes). Happy to help with questions. 🙂
s
thanks guys
e
Ya, we decided to stop managing our own package repositories at Cloud Posse and moved to Cloudsmith.
s
Gonna chime in and say this is something you don't want to roll on your own if it's not your core business. Too much work 😆. Use a service or at least something flexible. Ran across this as a random resource that's GitHub-driven. Not saying use it... but just sharing as I found it interesting.