Wednesday, February 12, 2025

How to Set Up AWS S3 Mountpoint on Ubuntu 24.04 LTS

High memory utilization on your EC2 instance, especially when running e-commerce platforms with thousands of images, can severely impact performance and user experience. If you're using Ubuntu 24.04 LTS with NGINX and PHP, you're in luck! Amazon S3 Mountpoint offers a powerful solution to offload the burden of serving static assets, freeing up valuable EC2 resources and optimizing your web server.

This guide will walk you through installing and configuring AWS S3 Mountpoint on Ubuntu 24.04 LTS. By the end of this tutorial, you'll be able to serve your website's images and other static content directly from cost-effective and scalable Amazon S3 storage, leading to a significant performance boost for your EC2 instance and a happier website visitor.

Why Use Amazon S3 Mountpoint?

In a nutshell, S3 Mountpoint shifts the heavy lifting of serving frontend resources from your EC2 instance to Amazon S3. This translates to:

  • Reduced EC2 Memory Utilization: Free up memory and CPU resources on your EC2 instance, allowing it to focus on application logic and dynamic content processing.
  • Improved Web Server Performance: Serve static assets faster and more efficiently directly from S3's robust infrastructure.
  • Enhanced Scalability: Leverage the limitless scalability of Amazon S3 to handle traffic spikes without stressing your EC2 instance.
  • Cost Optimization: S3 storage is generally more cost-effective for static content than EC2 instance storage.

Prerequisites:

  • An active AWS account and an EC2 instance running Ubuntu 24.04 LTS (x86_64).
  • NGINX and PHP (version 8.3 or later with PHP-FPM) already installed and configured.
  • Basic familiarity with the AWS Management Console and Linux command line.

Let's Get Started: Step-by-Step Guide

Here’s a high-level overview of the steps we'll cover:

  1. Creating the S3 IAM Role: Establish secure access to your S3 bucket from your EC2 instance using an IAM role.
  2. Configuring the S3 Bucket Policy: Define bucket permissions to ensure only your IAM role can access specific resources.
  3. Attaching the IAM Role to EC2: Associate the IAM role with your EC2 instance for authorized access.
  4. Installing the S3 Mountpoint Tool: Download and install the necessary software on your Ubuntu 24.04 LTS instance.
  5. Mounting Your S3 Bucket: Mount your S3 bucket to a local directory on your EC2 instance.
  6. Optimizing NGINX and PHP User Settings: Adjust user configurations for seamless integration with the S3 Mountpoint.
  7. Automating Mountpoint Remount on Reboot: Ensure your S3 bucket automatically remounts after EC2 instance restarts.

Step 1: Create an S3 IAM Role and Policy

IAM Roles are crucial for granting secure permissions to your EC2 instance to access AWS services like S3.

  1. Navigate to IAM: Open the AWS Management Console and go to IAM > Roles.

  2. Create Role: Click Create Role.

  3. Select EC2 Use Case: Choose AWS service as the trusted entity and select EC2 as the use case. Click Next.

  4. Name Your Role: Give your IAM Role a descriptive name (e.g., EC2-S3Mountpoint-Role). We'll attach a custom policy in the next steps.

  5. Complete Role Creation: Finish creating the role and note down the Role Name for later use.

  6. Create IAM Policy: Go to IAM > Policies > Create Policy. Select the JSON tab and paste the following policy, replacing BUCKET_NAME with your actual S3 bucket name:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject"
                ],
                "Resource": [
                    "arn:aws:s3:::BUCKET_NAME",
                    "arn:aws:s3:::BUCKET_NAME/*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::BUCKET_NAME"
            }
        ]
    }
    
  7. Name Your Policy: Give your IAM Policy a descriptive name (e.g., S3Mountpoint-Policy) and click Create Policy.

  8. Attach Policy to Role: Go back to IAM > Roles, find the role you created (EC2-S3Mountpoint-Role), and click on it. Go to the Permissions tab and click Attach policies. Search for the policy you just created (S3Mountpoint-Policy) and attach it to the role.

Step 2: Configure the S3 Bucket Policy

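Now, let's configure your S3 bucket policy to allow access from the IAM role you created. The policy below consists of Allow statements, which grant the role access but do not block other principals in the same account whose own IAM policies permit S3 actions on this bucket; limiting the bucket to the role alone requires an explicit Deny for everyone else.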

  1. Navigate to S3 Bucket Permissions: Go to S3 > Buckets, select your bucket (BUCKET_NAME), and go to the Permissions tab.

  2. Edit Bucket Policy: Under Bucket policy, click Edit.

  3. Paste Bucket Policy: Paste the following bucket policy, replacing ACCOUNT_ID, ROLE_NAME, and BUCKET_NAME with your specific AWS Account ID, IAM Role Name, and S3 Bucket Name respectively:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
                },
                "Action": [
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject"
                ],
                "Resource": [
                    "arn:aws:s3:::BUCKET_NAME",
                    "arn:aws:s3:::BUCKET_NAME/*"
                ]
            },
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
                },
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::BUCKET_NAME"
            }
        ]
    }
    
  4. Save Changes: Click Save changes.

Step 3: Attach the IAM Role to Your EC2 Instance

Associate the IAM role with your EC2 instance to grant it the necessary permissions.

  1. Navigate to EC2 Instances: Go to EC2 > Instances > Instances.
  2. Select Instance and Modify IAM Role: Select your EC2 instance, click Actions > Security > Modify IAM role.
  3. Attach IAM Role: In the "IAM role" dropdown, select the IAM role you created (EC2-S3Mountpoint-Role) and click Update IAM role.

Step 4: Install the S3 Mountpoint Tool on Ubuntu 24.04 LTS

Now, let's install the S3 Mountpoint tool on your EC2 instance.

  1. Download the Mountpoint Package: Connect to your EC2 instance via SSH and download the latest Mountpoint deb package for x86_64 architecture from the official AWS documentation. (Always refer to the official documentation for the most up-to-date download link). As of writing, you might use:

    sudo wget https://s3.amazonaws.com/mountpoint-s3-release/latest/x86_64/mount-s3.deb
    
  2. Install the Package: Install the downloaded deb package:

    sudo apt-get install ./mount-s3.deb
    

Step 5: Create a Mount Directory

Create a local directory on your EC2 instance where you'll mount your S3 bucket.

  1. Create Directory:

    sudo mkdir /mnt/s3bucket
    
  2. Change Ownership: Change the ownership of the mount directory to the ubuntu user:

    sudo chown ubuntu:ubuntu /mnt/s3bucket
    

Step 6: Mount Your S3 Bucket

Mount your S3 bucket to the directory you created, enabling delete operations and access for other users (like ubuntu).

  1. Mount the S3 Bucket:

    /usr/bin/mount-s3 --allow-delete --allow-other BUCKET_NAME /mnt/s3bucket
    

    Replace BUCKET_NAME with the name of your S3 bucket.

    Important Note: If you encounter a fusermount: option allow_other only allowed if 'user_allow_other' is set in /etc/fuse.conf error, you need to edit /etc/fuse.conf and uncomment the user_allow_other line to allow non-root users to access the mount.
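
The policies from Steps 1 and 2 can be checked against the flags passed to mount-s3 in this step. The following is an added example, not part of the original guide or of Mountpoint itself: it assumes the role and bucket live in the same account (so an Allow in either policy is enough), uses constructed placeholder names, and takes its table of required actions from the Mountpoint documentation, which should be confirmed against the current version.

```python
# Constructed placeholder values stand in for BUCKET_NAME, ACCOUNT_ID and ROLE_NAME.
BUCKET = "example-bucket"
ROLE_ARN = "arn:aws:iam::111122223333:role/EC2-S3Mountpoint-Role"
BKT, OBJ = f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"

IDENTITY_POLICY = {"Statement": [  # Step 1
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"], "Resource": [BKT, OBJ]},
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BKT},
]}
BUCKET_POLICY = {"Statement": [  # Step 2
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN}, "Resource": [BKT, OBJ],
     "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]},
    {"Effect": "Allow", "Principal": {"AWS": ROLE_ARN}, "Action": "s3:ListBucket", "Resource": BKT},
]}

# Assumption: (action, resource kind) pairs Mountpoint needs, per its documentation.
BASE = {("s3:ListBucket", "bucket"), ("s3:GetObject", "object")}
WRITE = {("s3:PutObject", "object"), ("s3:AbortMultipartUpload", "object")}
DELETE = {("s3:DeleteObject", "object")}

def as_list(value):
    return value if isinstance(value, list) else [value]

def grants(policy, principal=None):
    """Allow pairs by exact name; wildcards, Deny and Condition are not modelled."""
    found = set()
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        if principal and principal not in as_list(st.get("Principal", {}).get("AWS", [])):
            continue
        for res in as_list(st["Resource"]):
            kind = "object" if res.endswith("/*") else "bucket"
            found |= {(action, kind) for action in as_list(st["Action"])}
    return found

def audit(flags, identity, bucket, role_arn):
    """Compare what the mount flags need with what the two policies grant."""
    need = set(BASE)
    need |= set() if "--read-only" in flags else WRITE
    need |= DELETE if "--allow-delete" in flags else set()
    id_g, bk_g = grants(identity), grants(bucket, role_arn)
    stray = {a for a, k in id_g | bk_g if k == "bucket" and a != "s3:ListBucket"}
    return {
        "missing": sorted(a for a, _ in need - (id_g | bk_g)),
        "bucket_policy_only": sorted(a for a, _ in (need & bk_g) - id_g),
        "no_effect_on_bucket_arn": sorted(stray),
    }

print(audit(["--allow-delete", "--allow-other"], IDENTITY_POLICY, BUCKET_POLICY, ROLE_ARN))
```

For the policies in this guide it reports s3:AbortMultipartUpload as missing for writes, s3:DeleteObject as granted only by the bucket policy, and the object-level actions listed on the bare bucket ARN as having no effect.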

Step 7: Configure NGINX and PHP to Use the ubuntu User

To ensure NGINX and PHP can access the mounted S3 bucket seamlessly, we need to configure them to run as the ubuntu user.

  1. Edit NGINX Configuration:

    sudo nano /etc/nginx/nginx.conf
    

    Find the user directive and change it to:

    user ubuntu;
    
  2. Update PHP-FPM Pool Configuration:

    sudo nano /etc/php/8.3/fpm/pool.d/www.conf
    

    (Note: If you are using a different PHP version, adjust the path accordingly, e.g., /etc/php/8.4/fpm/pool.d/www.conf)

    Set the user and group directives to ubuntu:

    user = ubuntu
    group = ubuntu
    
  3. Adjust Directory Permissions: Correct permissions for NGINX and PHP runtime directories:

    sudo chown -R ubuntu:ubuntu /var/lib/nginx /var/lib/php /run/php
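
On Ubuntu cloud images the ubuntu account is created by cloud-init with a NOPASSWD sudo rule, so after this step a code-execution bug in PHP or NGINX runs as an account that can become root without a password. The check below is an added example, not part of the original guide; the function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample inputs: the Step 7 settings, plus the sudoers rule that
# cloud-init writes for the default user on Ubuntu cloud images.
NGINX_CONF = "user ubuntu;\nworker_processes auto;\n"
FPM_POOL = "[www]\nuser = ubuntu\ngroup = ubuntu\n"
SUDOERS = "# User rules for ubuntu\nubuntu ALL=(ALL) NOPASSWD:ALL\n"

def nginx_user(conf):
    """Account named by nginx's `user` directive, or None if it is absent."""
    m = re.search(r"^\s*user\s+([^\s;]+)", conf, re.M)
    return m.group(1) if m else None

def fpm_users(pool):
    """Accounts named by `user =` lines in a PHP-FPM pool file."""
    return set(re.findall(r"^\s*user\s*=\s*(\S+)", pool, re.M))

def nopasswd_users(sudoers):
    """User names (not %groups) with a NOPASSWD rule.
    Aliases and included files are not resolved."""
    users = set()
    for line in sudoers.splitlines():
        rule = line.split("#", 1)[0].split()  # drop comments, tokenize
        if not rule or rule[0].startswith("%") or rule[0] == "Defaults":
            continue
        if any("NOPASSWD" in token for token in rule[1:]):
            users.add(rule[0])
    return users

def services_with_root_path(nginx_conf, fpm_pool, sudoers):
    """Service accounts that also hold passwordless sudo."""
    service = fpm_users(fpm_pool) | ({nginx_user(nginx_conf)} - {None})
    return sorted(service & nopasswd_users(sudoers))

print(services_with_root_path(NGINX_CONF, FPM_POOL, SUDOERS))
```

On a real host, feed it /etc/nginx/nginx.conf, the pool file edited above, and the files under /etc/sudoers.d (the cloud-init rule is in 90-cloud-init-users). A dedicated account without sudo rights, used for both the mount and the services, avoids the overlap.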
    

Step 8: Configure PHP Session File Storage

Ensure PHP session files are correctly handled with the user change.

  1. Check Current Session Directory: (Optional - to verify default if not explicitly set)

    grep "session.save_path" /etc/php/8.3/fpm/php.ini
    
  2. Adjust Session Directory Permissions: Ensure the default session directory exists and is writable by the ubuntu user:

    sudo chown ubuntu:ubuntu /var/lib/php/sessions
    
  3. Update PHP-FPM Configuration (Optional - if needed): If you want to explicitly set the session save path (though usually defaults to /var/lib/php/sessions), edit:

    sudo nano /etc/php/8.3/fpm/php.ini
    

    Ensure these lines are present and configured as shown:

    session.save_handler = files
    session.save_path = "/var/lib/php/sessions"
    
  4. Restart Services: Restart NGINX and PHP-FPM to apply the changes:

    sudo systemctl restart nginx php8.3-fpm
    
  5. Verify Permissions: Test if PHP can create session files in the session directory:

    ls -l /var/lib/php/sessions
    

    Session files should now be owned by the ubuntu user.

Step 9: Automate S3 Mountpoint Remount on Reboot

To automatically remount your S3 bucket after an EC2 instance reboot, create a systemd service.

  1. Create Systemd Service File:

    sudo nano /etc/systemd/system/s3-mountpoint.service
    
  2. Paste Service Configuration: Add the following configuration to the file, replacing BUCKET_NAME with your bucket name:

    [Unit]
    Description=Mount S3 Bucket
    After=network-online.target
    Wants=network-online.target
    
    [Service]
    Type=oneshot
    ExecStart=/usr/bin/mount-s3 BUCKET_NAME /mnt/s3bucket --allow-other --allow-delete
    ExecStop=/bin/umount -l /mnt/s3bucket
    RemainAfterExit=true
    User=ubuntu
    
    [Install]
    WantedBy=multi-user.target
    
  3. Reload Systemd Daemon, Enable, and Start Service:

    sudo systemctl daemon-reload
    sudo systemctl enable s3-mountpoint
    sudo systemctl start s3-mountpoint
    
  4. Verify Mount: Check if the S3 bucket is mounted:

    mount | grep /mnt/s3bucket
    
  5. Test on Reboot: Reboot your EC2 instance to ensure the automatic remount works:

    sudo reboot
    
  6. Verify After Reboot: After reboot, check if the S3 bucket is mounted again:

    ls /mnt/s3bucket
    

Conclusion: Enjoy Optimized EC2 Performance!

Congratulations! You've successfully configured Amazon S3 Mountpoint on your Ubuntu 24.04 LTS EC2 instance. By serving static assets directly from S3, you've freed up valuable EC2 resources, optimized your web server's performance, and improved the scalability and cost-efficiency of your infrastructure.

This setup is ideal for e-commerce websites, media-rich applications, and any scenario where serving a large volume of static content is impacting your EC2 instance's performance.
