This guide walks you through creating an AWS Access Key and Secret and gathering the configuration needed to create an AWS S3 storage integration.

## Create an AWS Access Key and Secret

Before you begin, make sure you have set up an [AWS S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/GetStartedWithS3.html) and have gathered [the ARN](https://docs.aws.amazon.com/AmazonS3/latest/userguide/security_iam_service-with-iam.html) of the bucket you would like to integrate.

### 1. Create a policy for S3 access

Once logged in to the AWS Management console with a user capable of managing users and access, use the search box to navigate to the **Policies** IAM feature screen. Click **Create policy**.

Using the policy editor, select the 'S3' service. Select the 'AmazonS3FullAccess' policy template. Click **Next**.

In the 'Resources' section make sure to select 'Specific' and click the **Add ARNs** link. Add your S3 bucket ARN to the policy.

Click **Next**, and supply a policy name such as 'S3StorageIntegration'. Click **Create policy**.

### 2. Create a user with API Only access

Use the search at the top of your management console to navigate to the **Users** IAM feature screen. Click **Create user**.

Fill in the User name field for the user. For example 'S3StorageIntegrationUser'. Leave the 'Provide user access to AWS Management Console' option unchecked, this user only needs programmatic access. Click **Next**.

Under permissions options select 'Attach policies directly'

Use the policy search box to filter by the name you gave to the policy in step 1. Select the policy and then click **Next**.

Review the user details and then click **Create user**

### 3. Get an Access Key ID and Secret

Back on the main Users list screen, find your new user and click it to open the details page.

In the 'Summary' section find the link to **Create access key**. If you are presented with a use-case screen select 'Other' and click **Next**. Add any descriptive tag desired and click **Create access key**.

You should be presented with a 'Retrieve access keys' screen where you can get your 'Access key' (Access Key ID) and 'Secret access key'. You will need to click the 'Show' link to reveal your secret access key.

Copy both of these values to a safe location.

## Configure the Integration

Create your integration by supplying all configuration values.

**Bucket**
This is the name of the bucket where files are stored.

**Region**
This is the AWS region where the bucket is located.

**Endpoint (optional)**
The endpoint used for connecting to the s3 bucket. This is only necessary if you are using a non-standard endpoint; for example, connecting to a minio server.

**Access Key ID**
This is the Access Key ID gathered in step 3.

**Secret Access Key**
This is the Secret Access key gathered in step 3.

**Session (Optional)**
A temporary session token. Session tokens are optional and are only necessary if you are using temporary credentials.