@swamp/s3-datastore-bootstrap
v2026.04.22.3
One-shot bootstrap for @swamp/s3-datastore. Ships a single provisioner model that creates an S3 bucket and a least-privilege IAM managed policy, plus a workflow that runs the provisioner and then switches the current swamp repository over to the S3 datastore.
Prerequisites
- AWS credentials in the default credential chain (env / profile / role) with permissions to create the bucket, create the managed policy, and exercise the runtime actions documented in @swamp/s3-datastore.
- The caller that will run swamp after setup must already hold, or will attach, the managed policy produced by this workflow.
What it does
provisioncreates a private S3 bucket (versioning on, SSE-S3, public access blocked) and a scoped IAM managed policy granting the four runtime IAM actions (ListBucket,GetObject,PutObject,DeleteObject) limited to that bucket.- A final
command/shellstep runsswamp datastore setup extension @swamp/s3-datastore --config ...to flip the repo's datastore to S3.
Running
swamp extension pull @swamp/s3-datastore-bootstrap
swamp model create @swamp/s3-datastore-bootstrap/provisioner \
swamp-s3-datastore-provisioner
# Edit the instance so globalArguments are wired to workflow inputs:
# bucket_name: ${{ inputs.bucket_name }}
# region: ${{ inputs.region }}
# prefix: ${{ inputs.prefix }}
# policy_name: ${{ inputs.policy_name }}
swamp model edit swamp-s3-datastore-provisioner
# The command/shell instance used by the final workflow step
swamp model create command/shell swamp-s3-datastore-setup
swamp workflow run bootstrap-s3-datastore \
--input bucket_name=my-swamp-state \
--input region=us-east-1
swamp datastore statusSee the bundled README for optional inputs (prefix, policy_name),
the exact IAM policy produced, and idempotency notes.
Repository
https://github.com/systeminit/swamp-extensions
Labels
Quality score
Verified by SwampHow well-documented and verifiable this extension is.
Grade A
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types1/1earned
- Has description1/1earned
- At least one platform tag (or universal)1/1earned
- Two or more platform tags (or universal)1/1earned
- License declared1/1earned
- Verified public repository2/2earned
Install
$ swamp extension pull @swamp/s3-datastore-bootstrapResources
Provision an S3 bucket + least-privilege IAM managed policy for @swamp/s3-datastore, then switch the current repo to use S3.
One-shot bootstrap for @swamp/s3-datastore. Ships a single provisioner model that creates an S3 bucket and a least-privilege IAM managed policy, plus a workflow that runs the provisioner and then switches the current swamp repository over to the S3 datastore. ## Prerequisites - AWS credentials in the default credential chain (env / profile / role) with permissions to create the bucket, create the managed policy, and exercise the runtime actions documented in @swamp/s3-datastore. - The caller that will run swamp after setup must already hold, or will attach, the managed policy produced by this workflow. ## What it does 1. `provision` creates a private S3 bucket (versioning on, SSE-S3, public access blocked) and a scoped IAM managed policy granting the four runtime IAM actions (`ListBucket`, `GetObject`, `PutObject`, `DeleteObject`) limited to that bucket. 2. A final `command/shell` step runs `swamp datastore setup extension @swamp/s3-datastore --config ...` to flip the repo's datastore to S3. ## Running ```bash swamp extension pull @swamp/s3-datastore-bootstrap swamp model create @swamp/s3-datastore-bootstrap/provisioner \ swamp-s3-datastore-provisioner # Edit the instance so globalArguments are wired to workflow inputs: # bucket_name: ${{ inputs.bucket_name }} # region: ${{ inputs.region }} # prefix: ${{ inputs.prefix }} # policy_name: ${{ inputs.policy_name }} swamp model edit swamp-s3-datastore-provisioner # The command/shell instance used by the final workflow step swamp model create command/shell swamp-s3-datastore-setup swamp workflow run bootstrap-s3-datastore \ --input bucket_name=my-swamp-state \ --input region=us-east-1 swamp datastore status ``` See the bundled README for optional inputs (`prefix`, `policy_name`), the exact IAM policy produced, and idempotency notes.
One-shot bootstrap for @swamp/s3-datastore. Ships a single provisioner model that creates an S3 bucket and a least-privilege IAM managed policy, plus a workflow that runs the provisioner and then switches the current swamp repository over to the S3 datastore. ## Prerequisites - AWS credentials in the default credential chain (env / profile / role) with permissions to create the bucket, create the managed policy, and exercise the runtime actions documented in @swamp/s3-datastore. - The caller that will run swamp after setup must already hold, or will attach, the managed policy produced by this workflow. ## What it does 1. `provision` creates a private S3 bucket (versioning on, SSE-S3, public access blocked) and a scoped IAM managed policy granting the four runtime IAM actions (`ListBucket`, `GetObject`, `PutObject`, `DeleteObject`) limited to that bucket. 2. A final `command/shell` step runs `swamp datastore setup extension @swamp/s3-datastore --config ...` to flip the repo's datastore to S3. ## Running ```bash swamp extension pull @swamp/s3-datastore-bootstrap swamp model create @swamp/s3-datastore-bootstrap/provisioner \ swamp-s3-datastore-provisioner # Edit the instance so globalArguments are wired to workflow inputs: # bucket_name: ${{ inputs.bucket_name }} # region: ${{ inputs.region }} # prefix: ${{ inputs.prefix }} # policy_name: ${{ inputs.policy_name }} swamp model edit swamp-s3-datastore-provisioner # The command/shell instance used by the final workflow step swamp model create command/shell swamp-s3-datastore-setup swamp workflow run bootstrap-s3-datastore \ --input bucket_name=my-swamp-state \ --input region=us-east-1 swamp datastore status ``` See the bundled README for optional inputs (`prefix`, `policy_name`), the exact IAM policy produced, and idempotency notes.
One-shot bootstrap for @swamp/s3-datastore. Ships a single provisioner model that creates an S3 bucket and a least-privilege IAM managed policy, plus a workflow that runs the provisioner and then switches the current swamp repository over to the S3 datastore. ## Prerequisites - AWS credentials in the default credential chain (env / profile / role) with permissions to create the bucket, create the managed policy, and exercise the runtime actions documented in @swamp/s3-datastore. - The caller that will run swamp after setup must already hold, or will attach, the managed policy produced by this workflow. ## What it does 1. `provision` creates a private S3 bucket (versioning on, SSE-S3, public access blocked) and a scoped IAM managed policy granting the four runtime IAM actions (`ListBucket`, `GetObject`, `PutObject`, `DeleteObject`) limited to that bucket. 2. A final `command/shell` step runs `swamp datastore setup extension @swamp/s3-datastore --config ...` to flip the repo's datastore to S3. ## Running ```bash swamp extension pull @swamp/s3-datastore-bootstrap swamp model create @swamp/s3-datastore-bootstrap/provisioner \ swamp-s3-datastore-provisioner # Edit the instance so globalArguments are wired to workflow inputs: # bucket_name: ${{ inputs.bucket_name }} # region: ${{ inputs.region }} # prefix: ${{ inputs.prefix }} # policy_name: ${{ inputs.policy_name }} swamp model edit swamp-s3-datastore-provisioner # The command/shell instance used by the final workflow step swamp model create command/shell swamp-s3-datastore-setup swamp workflow run bootstrap-s3-datastore \ --input bucket_name=my-swamp-state \ --input region=us-east-1 swamp datastore status ``` See the bundled README for optional inputs (`prefix`, `policy_name`), the exact IAM policy produced, and idempotency / self-reentrancy notes.