Amazon S3 bucket setup
The first step in setting up an Amazon S3 bucket for your project is to create an Amazon Web Services (AWS) account at this link.
Once you have done this, you can search for S3 and select the S3 service option.
Once on your S3 bucket service, click on "Create", which will take you to the creation of your S3 bucket.
When you have clicked on "Create", you will be presented with options for your bucket configuration. The key configurations are:
- Region: Choose the region that provides you with the lowest latency for data transfer.
- Bucket name: Choose any unique name for your bucket.
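- Block all public access: Toggle this off, as we will configure who can access your bucket later. The bucket policy used in this guide grants public read (`s3:GetObject`) on every object, and S3 rejects such a policy while this setting is on. It also means that anything stored in this bucket can be read by anyone who knows the object URL.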
Congratulations! You have created your Amazon S3 Bucket. Now we need to create an IAM account so we can restrict access to only people with the credentials of the IAM account. In the same search field where you searched for "S3", you will now search for "IAM". Click on the IAM service. Once here, click on the "Users" tab.
Now, click on "Create user", similar to where you clicked "Create bucket" before. Give the IAM account a name of your choosing, click on "Attach policies directly", and select the following two policies:
- AmazonS3FullAccess
- IAMReadOnlyAccess
Your user should now look something like this:
Press "Create user" and click on the username of your newly created user. On this page, press "Create access key".
Choose a use case and set a description, then press "Create".
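You have now created the IAM account you are going to use to access your S3 bucket! Store your Access key and Secret access key securely, as you will need them later. The secret access key is only shown at creation time, and neither value should be committed to the repository. Because AmazonS3FullAccess applies to every bucket in the AWS account, not only this one, treat these keys accordingly.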
Now, return to the S3 bucket you created, click on it, and go to the "Permissions" tab. Scroll down to "Bucket policy" and press "Edit".
Here you will input the following bucket policy:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "<SEE BELOW>"
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::{YOUR_BUCKET_NAME}",
        "arn:aws:s3:::{YOUR_BUCKET_NAME}/*"
      ]
    },
    {
      "Sid": "Statement1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::{YOUR_BUCKET_NAME}/*"
    }
  ]
}
```
For the "AWS" field in the first statement, go to your IAM account and look here:
![image](https://github.com/1Cezzo/idatt2105-project-backend/assets/111747340/d4109582-2e28-4af5-b10d-bd2595dc8d96)
Copy this ARN into the "AWS" field, so it looks something like this:
`"AWS": "arn:aws:iam::472570826290:user/{IAM_ACCOUNT_USERNAME}"`
Now press save changes and you are done! You have successfully created an S3 bucket and an IAM account with access to the S3 bucket!
Now for your environment variables:
- `ENDPOINT_URL`: `https://s3.YOUR_REGION_HERE.amazonaws.com/` (example: `https://s3.eu-north-1.amazonaws.com/`)
- `BUCKET_NAME`: The bucket name for your S3 bucket.
- `ACCESS_KEY`: The access key you created in your IAM account.
- `SECRET_KEY`: The secret key you created in your IAM account.
Congratulations! You have now set up an Amazon S3 bucket and you can now use it securely through your backend via the IAM account.