The AWS S3 Storage uploads all files to S3 Buckets. Depending on the type of file, they are served differently. Media files (public and private) are served directly by S3. either served directly by amazon s3 (by injecting the links directly into the webpage) or via the application server.
To enable the S3 storage engine, first find and set the following variables in your app_config:
fileStorageConfig:
host:
# enable storing uploads on the hosts file system
enabled: false
# Specify the absolute path to a directory on the filesystem where uploads should be stored
path: $UPLOADS_DIR
s3:
enabled: true
region:
publicBucket:
privateBucket:
uploadsBucket:
accessKey:
secretKey:
customDomain:
To Configure the Buckets that are going to be used with the following variables.
First, use these settings to configure the S3 Storage for the media files:
Settings Key | Possible Values | Description |
|---|---|---|
| An AWS Region, eg | Specify the region of the S3 Bucket |
| A valid S3-Bucket name | The name of the bucket that holds the public media files |
| A valid S3-Bucket name | The name of the bucket that holds the private media files |
| A valid S3-Bucket name | The name of the bucket that holds the uploads (eg - 3D files) |
| Any String | The access key of the IAM user that should access the private and public media buckets |
| Any String | The secret key of the IAM user that should access the private and public media buckets |
Bucket Permissions
You will need to specify a bucket for each of the 3 different file types. We suggest you create one bucket for each. Each of the buckets would need to have the following ACL set:
Public Media:
ACL=public-readPrivate Media:
ACL=private3D files:
ACL=private
Furthermore, you will need to give an IAM user ( or an IAM Role ) full access to all buckets and permission to list all available buckets. To do so, attach the following IAM policy to the entity that's accessing the buckets:
{
"Version": "2012-10-17",
"Statement": [{
"Action": "s3:*",
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::<<Public-Media-Bucket>>",
"arn:aws:s3:::<<Public-Media-Bucket>>/*",
"arn:aws:s3:::<<Private-Media-Bucket>>",
"arn:aws:s3:::<<Private-Media-Bucket>>/*",
"arn:aws:s3:::<<3D-Files-Bucket>>",
"arn:aws:s3:::<<3D-Files-Bucket>>/*"
]
},
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
}
]
}
Then, configure the 3D file storage with the following settings:
Settings Key | Possible Values | Description |
|---|---|---|
| A valid S3-Bucket name | Specify the name of the 3D file bucket |
| Any String | The Access Key of the IAM user that should be used to access the bucket |
| Any String | The Secret key of the IAM user |
| An AWS Region | the Region of the S3 bucket |
If you want to use AWS ec2 instance profiles for S3 authentication instead of specifying the access and secret keys, find and set the following variable:
AMAZON_CREDENTIALS_PROVIDER=profile
If static is used as a value, that application tries to login first using the provided access and secret keys. If it is set to profile, it assumes that the instance where it is running is already authenticated to the s3 api. Make sure, to set all access and secret keys to empty values for this:
AMAZON_CREDENTIALS_PROVIDER=profile S3_ACCESS_KEY= S3_SECRET_KEY= AMAZON_ACCESS_KEY= AMAZON_SECRET_KEY=