194 points kbumsik | 1 comments
philsnow No.41889926
I'm surprised they just punt on concurrent updates [0] instead of locking with something like dynamodb, like terraform does.

[0] https://github.com/awslabs/git-remote-s3?tab=readme-ov-file#...

1. mdaniel No.41890047
I thank goodness I have access to a non-stupid Terraform state provider[1] so I've never tried that S3+dynamodb setup but, if I understand the situation correctly, introducing Yet Another AWS Service ™ into this mix would mandate that callers also be given a `dynamo:WriteSomething` IAM perm, which is actually different from S3 in that in S3 one can -- at their discretion -- set the policies on the bucket such that it would work without any explicit caller IAM.

1: https://docs.gitlab.com/ee/user/infrastructure/iac/terraform...