This guide walks you through creating an AWS Access Key and Secret and gathering the configuration needed to create an AWS S3 storage integration.
Create an AWS Access Key and Secret
Before you begin, make sure you have set up an AWS S3 bucket and have gathered the ARN of the bucket you would like to integrate.
1. Create a policy for S3 access
Once logged in to the AWS Management Console as a user capable of managing users and access, use the search box to navigate to the Policies IAM feature screen. Click Create policy.
Using the policy editor, select the 'S3' service. Select the 'AmazonS3FullAccess' policy template. Click Next.
In the 'Resources' section make sure to select 'Specific' and click the Add ARNs link. Add your S3 bucket ARN to the policy.
Click Next, and supply a policy name such as 'S3StorageIntegration'. Click Create policy.
2. Create a user with API Only access
Use the search at the top of your management console to navigate to the Users IAM feature screen. Click Create user.
Fill in the User name field for the user, for example 'S3StorageIntegrationUser'. Leave the 'Provide user access to AWS Management Console' option unchecked, because this user only needs programmatic access. Click Next.
Under permissions options, select 'Attach policies directly'.
Use the policy search box to filter by the name you gave to the policy in step 1. Select the policy and then click Next.
Review the user details and then click Create user.
3. Get an Access Key ID and Secret
Back on the main Users list screen, find your new user and click it to open the details page.
In the 'Summary' section find the link to Create access key. If you are presented with a use-case screen select 'Other' and click Next. Add any descriptive tag desired and click Create access key.
You should be presented with a 'Retrieve access keys' screen where you can get your 'Access key' (Access Key ID) and 'Secret access key'. You will need to click the 'Show' link to reveal your secret access key.
Copy both of these values to a safe location.
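To confirm that the policy created in step 1 is confined to your bucket, you can run a check like the one below against the policy's JSON document. This is an added example, not part of the original guide; the bucket ARN and the three sample policies are constructed, and `audit_policy` is a hypothetical helper name.

```python
import json

BUCKET_ARN = "arn:aws:s3:::example-integration-bucket"  # constructed sample ARN

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket_arn):
    """Return findings for Allow statements not confined to bucket_arn."""
    object_prefix = bucket_arn + "/"
    findings, covers_bucket, covers_objects = [], False, False
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotResource" in stmt:
            findings.append("NotResource allows everything except the listed ARNs")
            continue
        for res in _as_list(stmt.get("Resource", [])):
            if res == bucket_arn:
                covers_bucket = True
            elif res.startswith(object_prefix):
                covers_objects = True
            else:
                # Catches "*" and look-alike prefixes such as "<bucket>-other/*".
                findings.append(f"resource outside bucket: {res}")
    if not covers_bucket:
        findings.append("bucket ARN not listed as a resource")
    if not covers_objects:
        findings.append("object ARN (<bucket>/*) not listed as a resource")
    return findings

# Constructed sample policies (not exported from a real account).
SCOPED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*",
    "Resource": [BUCKET_ARN, BUCKET_ARN + "/*"]}]}
ALL_RESOURCES = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": "*"}}
BUCKET_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:*", "Resource": BUCKET_ARN}]}

if __name__ == "__main__":
    for name, doc in [("scoped", SCOPED), ("all", ALL_RESOURCES),
                      ("bucket-only", BUCKET_ONLY)]:
        print(name, json.dumps(audit_policy(doc, BUCKET_ARN), indent=2))
```

Object-level actions such as reading and writing files apply to the `<bucket>/*` resource, so a policy that lists only the bucket ARN will let the integration list the bucket but not access its objects.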
Configure the Integration
Create your integration by supplying all configuration values.
Bucket: This is the name of the bucket where files are stored.
Region: This is the AWS region where the bucket is located.
Endpoint (optional): The endpoint used for connecting to the S3 bucket. This is only necessary if you are using a non-standard endpoint; for example, connecting to a MinIO server.
Access Key ID: This is the Access Key ID gathered in step 3.
Secret Access Key: This is the Secret Access Key gathered in step 3.
Session (optional): A temporary session token. Session tokens are only necessary if you are using temporary credentials.