Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

When using AWS S3 Storage uploads of all files go to the defined S3 Buckets. Depending on the type of file, they are served differently. Media files (public and private) are served directly by S3. either served directly by amazon s3 (by injecting the links directly into the webpage) or via the application server.

To enable the S3 storage add and set the following variables in the root values.yaml:

fileStorageConfig:
  host:
    # enable storing uploads on the hosts file system. 
    # Set to `false` if you use s3 config below
    enabled: false
    
    # Specify the absolute path to a directory on the filesystem where uploads should be stored
    # Irrelevant if you use s3 config below 
    path: $UPLOADS_DIR
  
  s3:
    enabled: true
    region:
    publicBucket:
    privateBucket:
    uploadsBucket:
    accessKey:
    secretKey:


initConfig
  copyStaticFilesToS3:
    enabled: true

Configuration variables:

Settings Key

Possible Values

Description

region

An AWS Region, eg eu-central-1

Specify the region of the S3 Bucket

publicBucket

A valid S3-Bucket name

The name of the bucket that holds the public media files

privateBucket

A valid S3-Bucket name

The name of the bucket that holds the private media files

uploadsBucket

A valid S3-Bucket name

The name of the bucket that holds the uploads (eg - 3D files)

accessKey

Any String

The access key of the IAM user that should access the private and public media buckets

secretKey

Any String

The secret key of the IAM user that should access the private and public media buckets

Bucket Permissions

You will need to specify a bucket for each of the 3 different file types. We suggest you create one bucket for each. Each of the buckets would need to have the following ACL set:

  • Public Media: ACL=public-read

  • Private Media: ACL=private

  • 3D files: ACL=private

Furthermore, you will need to give an IAM user ( or an IAM Role ) full access to all buckets and permission to list all available buckets. To do so, attach the following IAM policy to the entity that's accessing the buckets:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": "s3:*",
    "Effect": "Allow",
    "Resource": [
      "arn:aws:s3:::<<Public-Media-Bucket>>",
      "arn:aws:s3:::<<Public-Media-Bucket>>/*",
      "arn:aws:s3:::<<Private-Media-Bucket>>",
      "arn:aws:s3:::<<Private-Media-Bucket>>/*",
      "arn:aws:s3:::<<3D-Files-Bucket>>",
      "arn:aws:s3:::<<3D-Files-Bucket>>/*"
    ]
  },
  {
    "Effect": "Allow",
    "Action": "s3:ListAllMyBuckets",
    "Resource": "arn:aws:s3:::*"
  }
  ]
}

  • No labels