Configuring livepatch on-prem with AWS S3 patch storage

In an AWS EC2 deployment of livepatch on-prem, it makes sense to use S3 for patch storage if the expected number of client machines is high (over 2000).

To configure this, follow these steps:
Create an S3 bucket in the preferred region (best if the region is the same as the deployment’s). Care needs to be taken to make the bucket not world-writable as this would pose a significant security risk.
Create an access point with permissions to perform operations on that S3 bucket.
Create a programmatic IAM user account with permissions to perform S3 operations.
Run the following juju command:

$ juju config livepatch patchstore=s3 
             s3_secret_key=<IAM user secret key>        
             s3_access_key_id=<IAM user key id>
             s3_bucket=<S3 bucket name>
             s3_region=<S3 bucket region name>
             s3_endpoint=s3.<region-name>.amazonaws.com 

Once this is configured, livepatch will store and retrieve patch files from the S3 bucket.

A further improvement is to configure livepatch on-prem to serve patches from the S3 bucket directly. For that public http access needs to be allowed to that bucket. And the following juju command needs to be run:

$ juju config livepatch url_template='https://<bucket.s3-<region>.amazonaws.com/{filaname}'