When using AWS S3 Storage, uploads of all files in our application go to the defined S3 buckets. Depending on the type of file, they are served differently: either directly by Amazon S3 (by injecting the links directly into the webpage) or via the application server. Media files (public and private) are served directly by S3.

To enable the S3 storage engine, first add and set the following variables in the root values.yaml:

Code Block
fileStorageConfig:
  host:
    # Enable storing uploads on the host's file system
    enabled: false
    # Specify the absolute path to a directory on the filesystem where uploads should be stored
    path: $UPLOADS_DIR
  s3:
    enabled: true
    region:
    publicBucket:
    privateBucket:
    uploadsBucket:
    accessKey:
    secretKey:

initConfig
   customDomain:

Configure the buckets that are going to be used with the following variables.

...

copyStaticFilesToS3:
    enabled: true

Configuration variables:

| Settings Key | Possible Values | Description |
| --- | --- | --- |
| region | An AWS Region, e.g. eu-central-1 | Specify the region of the S3 Bucket |
| publicBucket | A valid S3-Bucket name | The name of the bucket that holds the public media files |
| privateBucket | A valid S3-Bucket name | The name of the bucket that holds the private media files |
| uploadsBucket | A valid S3-Bucket name | The name of the bucket that holds the uploads (e.g. 3D files) |
| accessKey | Any String | The access key of the IAM user that should access the private and public media buckets |
| secretKey | Any String | The secret key of the IAM user that should access the private and public media buckets |

Bucket Permissions

You will need to specify a bucket for each of the 3 different file types. We suggest you create one bucket for each. Each of the buckets would need to have the following ACL set:

...

Furthermore, you will need to give an IAM user (or an IAM role) full access to all buckets and permission to list all available buckets. To do so, attach the following IAM policy to the entity that's accessing the buckets:

Code Block
{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": "s3:*",
    "Effect": "Allow",
    "Resource": [
      "arn:aws:s3:::<<Public-Media-Bucket>>",
      "arn:aws:s3:::<<Public-Media-Bucket>>/*",
      "arn:aws:s3:::<<Private-Media-Bucket>>",
      "arn:aws:s3:::<<Private-Media-Bucket>>/*",
      "arn:aws:s3:::<<3D-Files-Bucket>>",
      "arn:aws:s3:::<<3D-Files-Bucket>>/*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": "s3:ListAllMyBuckets",
    "Resource": "arn:aws:s3:::*"
  }
  ]
}

Then, configure the 3D file storage with the following settings:

...

| Settings Key | Possible Values | Description |
| --- | --- | --- |
| AMAZON_BUCKET_NAME | A valid S3-Bucket name | Specify the name of the 3D file bucket |
| AMAZON_ACCESS_KEY | Any String | The Access Key of the IAM user that should be used to access the bucket |
| AMAZON_SECRET_KEY | Any String | The Secret key of the IAM user |
| AMAZON_REGION | An AWS Region | The Region of the S3 bucket |

If you want to use AWS EC2 instance profiles for S3 authentication instead of specifying the access and secret keys, find and set the following variable:

Code Block
AMAZON_CREDENTIALS_PROVIDER=profile

If static is used as the value, the application first tries to log in using the provided access and secret keys. If it is set to profile, it assumes that the instance it is running on is already authenticated to the S3 API. In that case, make sure to set all access and secret keys to empty values:

Code Block
AMAZON_CREDENTIALS_PROVIDER=profile
S3_ACCESS_KEY=
S3_SECRET_KEY=
AMAZON_ACCESS_KEY=
AMAZON_SECRET_KEY=
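
As an added example (not part of the original page or the application's own tooling), a pre-deployment check for two points above: that profile mode has every access and secret key empty, and that the attached IAM policy grants bucket access on exactly the configured buckets. The function names, bucket names and key value are constructed for illustration, and the settings are assumed to be available as KEY=VALUE lines.

```python
KEY_VARS = ("S3_ACCESS_KEY", "S3_SECRET_KEY", "AMAZON_ACCESS_KEY", "AMAZON_SECRET_KEY")

def parse_env(text):
    """Parse KEY=VALUE lines, ignoring blank lines and # comments."""
    pairs = (line.strip().partition("=") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep and not k.startswith("#")}

def check_credentials(env):
    """Findings for the provider/key combinations described on this page."""
    provider = env.get("AMAZON_CREDENTIALS_PROVIDER")
    if provider == "profile":  # profile mode: every access and secret key must be empty
        return [f"{k} must be empty in profile mode" for k in KEY_VARS if env.get(k)]
    if provider == "static":
        return []
    return [f"AMAZON_CREDENTIALS_PROVIDER is {provider!r}, expected static or profile"]

def as_list(value):
    return value if isinstance(value, list) else [value]

def check_policy(policy, buckets):
    """Findings when bucket access is wider or narrower than the configured buckets."""
    expected = {f"arn:aws:s3:::{b}{suffix}" for b in buckets for suffix in ("", "/*")}
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow" and as_list(stmt["Action"]) != ["s3:ListAllMyBuckets"]:
            granted.update(as_list(stmt["Resource"]))
    findings = [f"unexpected resource: {r}" for r in sorted(granted - expected)]
    return findings + [f"missing resource: {r}" for r in sorted(expected - granted)]

# Constructed sample input with deliberate mistakes; names and key value are placeholders.
BUCKETS = ["example-public", "example-private", "example-uploads"]
ENV_TEXT = """
AMAZON_CREDENTIALS_PROVIDER=profile
S3_ACCESS_KEY=
S3_SECRET_KEY=
AMAZON_ACCESS_KEY=placeholder-key-id
AMAZON_SECRET_KEY=
"""
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": [
        "arn:aws:s3:::example-public", "arn:aws:s3:::example-public/*",
        "arn:aws:s3:::example-private", "arn:aws:s3:::example-private/*",
        "arn:aws:s3:::example-uploads", "arn:aws:s3:::*"]},
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "arn:aws:s3:::*"}]}

if __name__ == "__main__":
    for finding in check_credentials(parse_env(ENV_TEXT)) + check_policy(POLICY, BUCKETS):
        print(finding)
```

The sample reports the leftover key in profile mode, the wildcard resource on the `s3:*` statement, and the missing object-level ARN for the uploads bucket.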