Saving Files to Custom S3 Bucket (Account Method, Recommended)

Please Note: For easier setup and troubleshooting, we highly recommend using this Account Method to create your AWS S3 Bucket. Please follow the steps below to create a new S3 bucket. 

By default, files uploaded to Tadabase applications are saved to Tadabase's S3 bucket storage servers. Tadabase customers on select subscription plans have the option to save their files directly to their custom-hosted S3 buckets.

There are significant benefits to saving files directly to your custom-hosted S3 buckets, including:

1. Files stored in your custom S3 bucket will not be counted towards your Tadabase storage limitations.
2. Satisfy your company or organization file storage compliance policies
3. Custom storage provides complete and customized control over your file storage method preferences.

Should you choose to save your uploaded files directly to your custom S3 bucket, this article will guide you through how to accomplish this. 

Before we get started on how to set up your custom AWS S3 bucket, there are several items to note: 

1. By choosing to upload files directly to your custom S3 bucket, you take sole responsibility for your file storage and understand that Tadabase can not troubleshoot any issues related to your S3 bucket or AWS account. 

2. Changing your file storage location will NOT migrate existing files in your app. 

Secure vs. Non Secure

Tadabase has 2 distict settings when it comes to uploading files, one specific for secure files and a second for non secure files. A secure file is not accessible by visiting the URL of the file and can only be accessed by generating a signature behind the scenes that gets appended to the file. 

In this guide we'll go through the steps of creating a secure and a non secure configuration. Once you have these setup in the settings, be sure that when adding an attachments field you choose which bucket to store the uploaded files into. 

Creating a Non Secure Bucket

To get started, create a new bucket in S3 (link). Give it a unique name and select the region of your choice.

Under "Object Ownership," ensure the "ACLs enabled" option is selected. Leave everything else as the default: 

Under "Block Public Access settings for this bucket," choose the following options: 

You can choose to add Tags and enable Encryption and Bucket Versioning. These settings are optional and do not impact the integration into Tadabase. 

Next, click the Create Bucket button: 

Next, open this newly created bucket: 

Click on the Permissions tab: 

Under "Access control list (ACL)," click on the top Edit button:

Towards the bottom of the page, click on the Add Grantee button and paste in the value supplied by Tadabase Support. Check off all four checkboxes at the top of the page as shown below:

Grantee Value: dd67a3f2cc556b4bf71b6cc71dbd0a15d0aa479c2a73669fccd6399572402adc

The grantee value is not specific to your app and the same grantee value will work across all your apps.  

Click on the Save Changes button. 

Back in your Tadabase app, under File Storage Settings, select AWS S3, select Account Method, and enter the name and region from the earlier step: 

By following these steps you will have successfully set up your AWS S3 Bucket for custom file storage. 

Creating a Secure Bucket

The steps to create the secure bucket are identical to the steps for non secure with 1 key difference, in secure bucket we must also block public access to buckets and objects granted through any access control list: 

Uploading Files to S3 Buckets

The files are uploaded into the bucket via the Attachments fields in your app. Any attachment field will now start saving all new attachments to the buckets you defined earlier. 

The buckets are selected based on the fields settings of Secure or Not Secure

Direct Uploading

By default, Tadabase has a limit of 20MB for file uploads even when using your own S3 buckets. You can bypass this using the Direct Upload method withing any form that has the attachments field. However, for this to work you must ensure you update the bucket with proper CORS policies. 

1) Enable the Direct Upload:

Keep in mind the "Maximum File Size" value must also be defined and increased from the blank or default value of 20MB. Leaving it blank will keep the 20MB limit. 

Next, in your bucket in S3 go to "Permissions":

Scroll down to the Edit button in the CORS section:

and paste in the following value, e sure to update your apps domain: 

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT",
            "POST"
        ],
        "AllowedOrigins": [
            "https://app.example.com"
        ],
        "ExposeHeaders": [
            "ETag"
        ],
        "MaxAgeSeconds": 3000
    }
]

End result should look like this: