Saving files to AWS S3 Bucket (IAM Method)
Please Note: For easier setup and troubleshooting, we highly recommend using the Account Method to create your AWS S3 Bucket rather than this IAM Method. Please continue to this article for directions on how to create your S3 Bucket using the account method.
By default, files uploaded to Tadabase applications are saved to Tadabase's S3 bucket storage servers. Tadabase customers on select subscription plans have the option to save their files directly to their own custom-hosted S3 buckets.
There are significant benefits to saving files directly to your own custom-hosted S3 buckets including:
- Files stored in your custom S3 bucket will not be counted towards your Tadabase storage limitations.
- Satisfy your company's or organization's file storage compliance policies.
- Custom storage provides you with full and customized control over your file storage method preferences.
Should you choose to save your uploaded files directly to your custom S3 bucket, this article will guide you through how to accomplish this.
Before we get started on how to set up your custom AWS S3 bucket, there are several items to note:
- At this time, secure files do not work with custom S3 buckets.
- By choosing to upload files directly to your custom S3 bucket, you take sole responsibility for your file storage and understand that Tadabase cannot troubleshoot any issues related to your S3 bucket or AWS account.
- Changing your file storage location will not migrate existing files in your app.
Create AWS S3 Bucket
We will now discuss how to create your own custom AWS S3 bucket integration with the following four steps:
Let's explore each of these four steps below.
1. Log in to your AWS Console
The first step is to log in to your AWS Console. If you do not yet have an AWS account, you can easily create one here: https://aws.amazon.com/
Please Note: You are solely responsible for any and all files stored in your AWS account. Files stored in your AWS account will not be counted towards your storage limits in Tadabase.
2. Create an S3 Bucket
Once inside your AWS console, navigate to Amazon S3 and click on Create bucket to create a new bucket:
Give your bucket a name and choose the region you wish to use. Generally, picking the region closest to your users is the recommended approach.
Next, deselect the option for "Block all public access" and ensure that only the following two options are selected:
- "Block public access to buckets and objects granted through new public bucket or access point policies"
- "Block public and cross-account access to buckets and objects through any public bucket or access point policies"
Please keep track of your Bucket Name and Region as you will need this information in the following steps.
3. Create IAM User
The next step is to create a set of permissions that grants the least amount of access to an API key. You can accomplish this in your AWS Console within your IAM (Identity and Access Management) portal in three steps:
1. Create Custom Policy
Inside your IAM portal, under Access Management, click on Policies. Then click on the Create Policy button:
On the following page, click the JSON tab:
And paste the following code into the JSON window:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets"
      ],
      "Resource": "arn:aws:s3:::*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::my-tadabase-custom-s3-bucket",
        "arn:aws:s3:::my-tadabase-custom-s3-bucket/*"
      ]
    }
  ]
}
When pasting the above code into the JSON window, be sure to update the bucket names with the bucket name you created in the previous step. For instance, in this case our bucket name is "my-tadabase-custom-s3-bucket" so we have replaced the bucket names with this bucket name in the above code.
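To see which requests the policy above permits before you save it, the following added example (not Tadabase's or AWS's code) evaluates sample requests against it offline. It is a simplified evaluator that handles Allow statements and IAM wildcards only, with no Deny, Condition or NotAction support; the function names and the sample requests are assumptions made for illustration.

```python
import re

# Policy from this page, using the article's example bucket name.
BUCKET = "arn:aws:s3:::my-tadabase-custom-s3-bucket"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
     "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow", "Action": "s3:*",
     "Resource": [BUCKET, BUCKET + "/*"]},
]}

def as_list(value):
    # IAM accepts a single string or a list for Action and Resource.
    return value if isinstance(value, list) else [value]

def iam_match(pattern, value, ignore_case=False):
    # IAM wildcards: "*" is any run of characters, "?" is exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    # Simplified: Allow statements only (no Deny, Condition or NotAction).
    for stmt in policy["Statement"]:
        if (stmt["Effect"] == "Allow"
                and any(iam_match(a, action, True) for a in as_list(stmt["Action"]))
                and any(iam_match(r, resource) for r in as_list(stmt["Resource"]))):
            return True
    return False

def wildcard_actions(policy):
    # Allow actions containing a wildcard, paired with their statement index.
    return [(i, a) for i, stmt in enumerate(policy["Statement"])
            if stmt["Effect"] == "Allow"
            for a in as_list(stmt["Action"]) if "*" in a or "?" in a]

# Constructed sample requests: (action, resource).
REQUESTS = [
    ("s3:PutObject", BUCKET + "/uploads/report.pdf"),
    ("s3:DeleteBucket", BUCKET),
    ("s3:PutBucketPolicy", BUCKET),
    ("s3:GetBucketLocation", "arn:aws:s3:::some-other-bucket"),
    ("s3:GetObject", "arn:aws:s3:::some-other-bucket/file.txt"),
]

if __name__ == "__main__":
    print("wildcard actions:", wildcard_actions(POLICY))
    for action, resource in REQUESTS:
        verdict = "ALLOW" if is_allowed(POLICY, action, resource) else "deny"
        print(f"{verdict:5} {action:22} {resource}")
```

The second statement's `s3:*` covers bucket-level administration such as `s3:DeleteBucket` and `s3:PutBucketPolicy` on this bucket, not only object uploads and downloads, while objects in other buckets stay out of reach.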
Next, click Review Policy and give your policy a name and description. Then click Create Policy.
2. Create a new group
Creating a new group requires three simple steps:
Let's walk through each of these three steps.
1. Set group name
Give your group a meaningful name:
2. Attach policy
Next, attach the policy you just created in the previous step to this group. This will give everyone in this group the permissions set in the Policy.
Find the policy you created and select it from the list:
3. Review
Review and verify your new group configurations and click Create Group.
3. Create new user and assign to group
In the IAM left-hand navigation, click on Users and then Add User:
Give your user a name and choose Programmatic access:
Next, add this user to the group you created in the previous step. Click Add user to group and select the group from the list. Then click on the Next: Tags button to add optional tags. And finally, click Create User:
You will then see a page with the newly created credentials you will use to give your Tadabase app access to your custom AWS S3 bucket.
Copy the Access key ID and Secret access key and store these key values for safekeeping.
At this point you should have the following values saved:
- Bucket Name
- Region
- Access Key ID
- Secret Access Key
4. Add API credentials to your Tadabase app
Now that you've generated your AWS S3 keys, you need to add these credentials within your Tadabase app.
Back inside your Tadabase app, click on Settings on your app navigation bar, select File Storage Settings, and select My own AWS S3 bucket as your file storage setting.
Then add your S3 API credentials including your bucket name, key, secret, and region and click Save:
Now going forward, any file field inside your Tadabase app will save the files to this custom AWS S3 bucket.
Please Note: Any existing files already hosted on the Tadabase S3 bucket or Dropbox will not be migrated and will remain in their current location.