After seeing how LocalStack Cloud Pods help teams work better together, let's look at the other ways companies can keep their snapshots in their own court. For environments with stricter security policies, there are a few storage options that help protect data, making it easy to keep everything secure and accessible no matter what your needs are.
S3 bucket remote storage
The S3 remote allows for the storage of Cloud Pod assets in an existing S3 bucket located in a real AWS account. The first action to take is to export the required AWS credentials during the terminal session. Side note: the S3 remote feature for Cloud Pods is only accessible when the localstack CLI is installed through pip
, for now.
Let’s try it out:
$ export AWS_ACCESS_KEY_ID=<YOUR_AWS_ACCESS_KEY_ID>
$ export AWS_SECRET_ACCESS_KEY=<YOUR_AWS_SECRET_ACCESS_KEY>
Next, we set up a new remote connection specifically for an S3 bucket. By using the command below, we create a remote called s3-storage-aws
. This remote is for saving Cloud Pod items in an S3 bucket named localstack-pod-storage
.
$ localstack pod remote add s3-storage-aws 's3://ls-pods-bucket-test/?access_key_id={access_key_id}&secret_access_key={secret_access_key}'
Note: When setting this up, we might encounter an error message like:
SSL validation failed for
https://localstack-pod-storage.s3.amazonaws.com/
hostname.
To fix this, we can create a list of exceptions that point to AWS instead of LocalStack by using the following configuration flag in the docker-compose file:
DNS_NAME_PATTERNS_TO_RESOLVE_UPSTREAM=.*
localstack-pod-storage.s3.amazonaws.com
This setting is generally used for hybrid setups, where certain API calls target AWS, whereas other services will target LocalStack.
Now we can save the pod:
$ localstack pod save cloud-pod-product-app s3-storage-aws
Cloud Pod cloud-pod-product-app successfully created ✅
Version: 1
Remote: s3
Services: sts,s3,iam,apigateway,dynamodb,lambda
The Cloud Pod is visible in the AWS S3 dashboard:
To load the state into a new LocalStack instance, we use:
$ localstack pod load cloud-pod-product-app s3-storage-aws
Cloud Pod cloud-pod-product-app successfully loaded
ORAS remote storage
ORAS, which stands for OCI Registry As Storage, is a tool designed to help you use OCI (Open Container Initiative) registries for storing and sharing a wide range of content. While OCI registries were originally created for container images, ORAS extends their use to other types of artifacts. Essentially, ORAS allows you to push and pull any content to and from OCI-compliant registries using the same workflows you'd use for container images.
Docker Hub comes into play as a popular, OCI-compliant container registry. It's primarily known for hosting Docker container images but, thanks to the OCI specification's flexibility, it can also serve as a storage and distribution point for other types of artifacts through tools like ORAS. This makes Docker Hub not just a hub for Docker images but a versatile cloud registry for various types of application artifacts, supporting the broader ecosystem of cloud-native development and deployment practices.
Let’s illustrate how you can utilize Docker Hub to store and retrieve Cloud Pods. This is very similar to the S3 bucket storage setup:
$ export ORAS_USERNAME=your_docker_hub_id
$ export ORAS_PASSWORD=your_docker_hub_password
We can now use the CLI to create a new remote called oras-remote
$ localstack pod remote add oras-remote 'oras://{oras_username}:{oras_password}@registry.hub.docker.com/<your_docker_hub_id>'
A Cloud Pod can be stored on the newly configured remote:
$ localstack pod save cloud-pod-product-app oras-remote
Cloud Pod cloud-pod-product-app successfully created ✅
Version: 1
Remote: oras
Services: sts,s3,iam,apigateway,dynamodb,lambda
After saving the Cloud Pod, it will appear in the Docker Hub repositories dashboard:
Viewing all the remotes
By using the command localstack pod remote list
, you can view all the configured remote options for saving Cloud Pods, including the AWS S3 bucket and the Docker Hub repository configuration, with the default set to the LocalStack platform.
$ localstack pod remote list
┏━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Remote Name ┃ URL ┃
┡━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ s3-storage-aws │ s3://localstack-pod-storage/?access_key_id={access_key_id}&secret_access_key={secret_access_key} │
│ oras-remote │ oras://{oras_username}:{oras_password}@registry.hub.docker.com/msmuzitiger210 │
│ default │ platform://localstack │
└────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────────┘
Conclusion
We've seen how you can securely store Cloud Pod assets using S3 bucket remote storage and ORAS remote storage. S3 allows assets to be saved in an existing AWS account, while ORAS extends OCI registries for versatile artifact storage.