To let you easily store your files and access them from anywhere without overloading your local server, 6amTech introduced Amazon S3 storage in its products.
This guide will walk you through setting up Amazon S3 storage for 6amTech products. S3 is a secure and scalable storage solution that can be used to store various types of data for your application.
Prerequisites: An AWS account (use an existing one or, if you don’t have one, create a free tier account).
Step 1: Create an account in AWS
- Visit: aws.amazon.com.
- Sign Up: Click on “Create an AWS Account”.
- Provide Details: Fill in the required information such as email, password, and account name.
- Billing Information: Enter your billing details (credit card information is required).
- Identity Verification: Complete the phone verification process.
- Select Support Plan: Choose a support plan (the free plan is usually sufficient for most users).
Step 2: Create a User Group
- Navigate to IAM: In the AWS Management Console, type “IAM” in the search bar and select “IAM” from the results.
- Create a User Group: On the left sidebar, click on “User Groups” and then “Create Group”.
- Enter a name for the group. I am going to call mine “S3FullAccess”. All the users in this group will have full access to do anything to any of my S3 buckets, but their access will be limited to making changes to S3 buckets only.
- Attach Policies: Scroll down to the “Attach Permissions Policies” section and type “S3” in the search bar to find the S3 permissions policies. Hit enter for the list to update.
- Create Group: Check the box next to “AmazonS3FullAccess” and click the “Create Group” button on the bottom.
Step 3: Create IAM User for Access
- Navigate to IAM: In the AWS Management Console, type “IAM” in the search bar and select “IAM” from the results.
- Add User: Click on “Users” and then “Create user”.
- User Name and Access Type: Enter a user name and select “Programmatic Access” for access type.
- Set Permissions: Click on “Next: Permissions”.
- Attach User Policy: Attach existing policies directly and search for “AmazonS3FullAccess” or create a custom policy if you want more fine-grained control.
[Important Note: Select the option to grant the user AWS Console access only if you are fully aware of the implications; otherwise, do not check the box. Enabling this access will provide the user with both AWS console and API access, which goes against the intended purpose of this demo.]
- Add User to Group: Click on the “Next” button to continue. Then add this user to the recently created group by selecting the checkbox next to the group and clicking on “Next.”
- Adding Tags (Optional): You can add “Tags” to your user if you want; I normally just skip these. Click “Create user” to finalize the IAM user creation.
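For the “create a custom policy” option in the Attach User Policy step, the sketch below builds an identity policy limited to one bucket and compares it with a constructed full-access grant using a simplified evaluator. It is an added example, not 6amTech's or AWS's code; the action list, the `YOUR_BUCKET_NAME` placeholder and the sample request ARNs are assumptions.

```python
from fnmatch import fnmatchcase

# Constructed stand-in for a full-access grant: every S3 action on every resource.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

# Assumed action set for an app that uploads, serves and deletes files.
OBJECT_ACTIONS = ("s3:GetObject", "s3:PutObject", "s3:DeleteObject")

def scoped_bucket_policy(bucket, object_actions=OBJECT_ACTIONS):
    """Identity policy limited to one bucket and the objects inside it."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ListOneBucket", "Effect": "Allow",
         "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}"]},
        {"Sid": "ObjectsInOneBucket", "Effect": "Allow",
         "Action": list(object_actions),
         "Resource": [f"arn:aws:s3:::{bucket}/*"]}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """Simplified check: Allow statements with '*' and '?' wildcards only.
    Deny statements, NotAction/NotResource and conditions are not modelled."""
    for st in _as_list(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        action_ok = any(fnmatchcase(action.lower(), a.lower())
                        for a in _as_list(st["Action"]))
        resource_ok = any(fnmatchcase(resource, r)
                          for r in _as_list(st["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

# Constructed requests: (action, resource ARN).
REQUESTS = [
    ("s3:PutObject", "arn:aws:s3:::YOUR_BUCKET_NAME/uploads/logo.png"),
    ("s3:DeleteBucket", "arn:aws:s3:::YOUR_BUCKET_NAME"),
    ("s3:GetObject", "arn:aws:s3:::another-bucket/backup.sql"),
]

def compare(bucket, requests=REQUESTS):
    """Rows of (action, resource, allowed by full access, allowed by scoped)."""
    scoped = scoped_bucket_policy(bucket)
    return [(a, r, allows(FULL_ACCESS, a, r), allows(scoped, a, r))
            for a, r in requests]

if __name__ == "__main__":
    for row in compare("YOUR_BUCKET_NAME"):
        print(row)
```

If the application sets object ACLs on upload (the bucket in Step 5 has ACLs enabled), add `s3:PutObjectAcl` to the action list.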
Step 4: Get Access Key & Secret
- Add User: Click on “Users” and then “Create user”. The next screen should show you a list of all your users. Click on the user you just created.
- Access Keys: Click on the Security credentials tab and scroll down to the “Access keys” section.
- Create Access Key: Click on “Create access key”. For this tutorial, the user we are creating is essentially a “Third-party service”. Select it, check the Confirmation at the bottom, and click “Next”.
[Note: I skipped the description tag. Each user can have multiple access keys (up to 2) and you can label them here if you want.]
- Save Keys: After moving to the next page, you will find your access key. From there, you can choose to show or copy your secret access key. Both of these values are essential for your further use.
Let’s head back over to the Admin Panel and update Storage Connection Setup accordingly. Fill in your API key, secret key, and region like this.
Step 5: Create an S3 Bucket
1. Sign In to AWS Console: Go to the AWS Management Console and sign in.
2. Navigate to S3: In the AWS Management Console, type “S3” in the search bar and select “S3” from the results.
3. Create Bucket:
a. Click on the “Create bucket” button.
b. Provide a unique bucket name and choose the region closest to your users. In this case, the naming is “S3FullAccess”.
c. Configure any other settings as needed (you can leave most settings as default).
d. Additionally, be sure to take note of the “AWS Region”; you will need this in your .env file.
e. Scroll down and check the “ACLs enabled” radio button in the “Object ownership” section.
f. Select “Object writer”.
g. Uncheck “Block all public access” and check the acknowledgment.
h. I will keep versioning disabled, with no tags. I will leave the rest of the defaults untouched and click “Create bucket”.
A Note about Bucket names: Bucket names are unique per region. The `us-east-1` region is closest to where I live and the one I typically use, but so do a LOT of people. The bucket name “Laravel” for example will not be available there because someone else created it first. Choose your bucket name carefully.
5.1: Update the Bucket Policies and CORS
1. The next screen should be a list of your buckets. Click on the one you just created.
2. Go to the “Permissions” tab.
3. Adjust the bucket policy and CORS settings as needed (you may need to configure policies to allow your application to access the bucket).
4. In the “Bucket Policy” section click the “Edit” button, and paste the following code, but make sure you update it with your bucket’s name and click “Save Changes”.
```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
        }
    ]
}
```
5. You can read more on how to control who and what has access to your bucket objects. This statement will allow any “Principal” or entity to take any action in our bucket. You can get more strict with statements like this as you learn more.
6. Scroll to the “Access control list (ACL)” section and click the “Edit” button.
7. Check the box for “List” and “Read” next to “Everyone (public access)”, check the acknowledgment on the bottom, and click “Save Changes”.
8. Scroll down to the “Cross-Origin Resource Sharing (CORS)” section, click the “Edit” button and paste in the following code:
```json
[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET",
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "*"
        ]
    }
]
```
9. In the “AllowedOrigins” section of that JSON, we are allowing ALL origins, which means ANY domain can access the objects in this bucket. If you want to limit that to a specific domain you can adjust it here.
10. Click on the “Objects” tab. We will refresh this section once we push some objects to the bucket.
11. Let’s head back over to the Admin Panel and update the Storage Connection setup accordingly. Set your bucket name, URL, endpoint, etc., like this:
AWS_ACCESS_KEY_ID=AKIA35DMCR3BAIFEVVMP
AWS_SECRET_ACCESS_KEY=YMrG4Tw6UQ0HHKU/ByvhBxuF56jKhgTJfBwHUkVR
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=noonewillevergetthisbucketname
AWS_URL="https://noonewillevergetthisbucketname.s3.us-east-1.amazonaws.com/"
AWS_ENDPOINT="https://s3.amazonaws.com/"
AWS_USE_PATH_STYLE_ENDPOINT=true
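
The bucket policy and CORS rules pasted in section 5.1 can be reviewed before saving: the policy as written grants `s3:GetObject` to every principal, and the CORS rule lets any origin use write methods. The check below is an added example, not 6amTech's code; it reports both and produces a CORS rule limited to named origins, where `https://admin.example.com` is a constructed origin.

```python
import copy
import json

# Copied from section 5.1; the bucket name is the page's own placeholder.
BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
  "Action": "s3:GetObject", "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"}]}""")
CORS_RULES = json.loads("""[{"AllowedHeaders": [],
  "AllowedMethods": ["GET", "PUT", "POST", "DELETE"], "AllowedOrigins": ["*"]}]""")

WRITE_METHODS = {"PUT", "POST", "DELETE"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_grants(policy):
    """(Sid, actions, resources) of unconditional Allow statements open to everyone."""
    grants = []
    for st in _as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        if isinstance(principal, dict):
            principal = "*" if "*" in _as_list(principal.get("AWS", [])) else None
        if st.get("Effect") == "Allow" and principal == "*" and "Condition" not in st:
            grants.append((st.get("Sid", ""), _as_list(st["Action"]),
                           _as_list(st["Resource"])))
    return grants

def cors_findings(rules):
    """(rule index, write methods) for rules that let any origin change objects.
    CORS only relaxes the browser's same-origin check; S3 still authorizes
    each request against credentials, policies and ACLs."""
    findings = []
    for index, rule in enumerate(rules):
        writes = sorted(WRITE_METHODS & set(rule.get("AllowedMethods", [])))
        if "*" in rule.get("AllowedOrigins", []) and writes:
            findings.append((index, writes))
    return findings

def restrict_cors(rules, origins, methods=("GET",)):
    """Copy of the rules limited to the named origins and methods."""
    restricted = copy.deepcopy(rules)
    for rule in restricted:
        rule["AllowedOrigins"] = list(origins)
        rule["AllowedMethods"] = [m for m in rule["AllowedMethods"] if m in methods]
    return restricted

if __name__ == "__main__":
    print("public grants:", public_grants(BUCKET_POLICY))
    print("CORS findings:", cors_findings(CORS_RULES))
    fixed = restrict_cors(CORS_RULES, ["https://admin.example.com"], ("GET", "PUT"))
    print(json.dumps(fixed, indent=2), cors_findings(fixed))
```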