Setting Up Amazon S3
Before we can use Media Cloud, you’ll first need to go through some basic steps to create a bucket on S3 and a user account we can use to access that bucket.
Using the Amazon console can be a little intimidating at first, but if you stick to these steps you should be able to breeze right through it.
Step 1. Create an S3 Bucket
The first thing we’ll need to do is create the bucket we’re going to use for storing our media and files. If you haven’t already, log into your Amazon AWS account: Amazon AWS Console.
Once you’ve logged in, select the S3 service. When the S3 Console has loaded, select Create Bucket to get started:
Step 1.1 – General Configuration and Object Ownership
When you click on Create Bucket, you’ll be presented with a multi-step form. In the first section of the form, enter in the following information:
-
Bucket Name
-
Region
You should select a region that is closest geographically to either your server or to yourself (if using Direct Uploads).
Below that is the Object Ownership section. You must set this to ACLs enabled and Object Ownership needs to be set to Object writer.
Step 1.2 – Public Access
In this section of the form, make sure to uncheck Block all public access. You must then check the acknowledgement at the bottom of this section.
Step 1.3 – Transfer Acceleration (Optional)
It’s highly recommended that you enable transfer acceleration on your bucket to improve upload and download speeds. There will be an extra charge incurred for having it enabled, however.
To enable Transfer Acceleration, select your bucket in the S3 console and select the Properties tab. Scroll down until you find a panel named Transfer acceleration. Click on it to expand it and select the Enabled option.
Click on Save to save the setting.
Step 2 – Create Policy
For our next step, we’ll be creating a policy that controls how the AWS user account we’ll be creating in Step 3 accesses our bucket. We want to define the narrowest set of permissions possible to keep things secure.
Select IAM from the services menu in the AWS Console. Once the IAM console has loaded, click on Policies on the left hand side of the page and then click on Create Policy to get started.
Step 2.1 – Define the Policy
When you click on Create Policy a wizard dialog will appear.
Click on the JSON tab and paste the following JSON into it:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:DeleteObjectTagging",
"s3:ListBucketMultipartUploads",
"s3:DeleteObjectVersion",
"s3:ListBucket",
"s3:DeleteObjectVersionTagging",
"s3:GetBucketAcl",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:GetObjectAcl",
"s3:GetObject",
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:PutObjectAcl"
],
"Resource": [
"arn:aws:s3:::YOURBUCKET/*",
"arn:aws:s3:::YOURBUCKET"
]
}
]
}IMPORTANT! Make sure you replace YOURBUCKET with the name of the bucket you created in Step 1.
Click on Review Policy to continue.
Step 2.2 – Name the Policy
On the next screen, give the policy a name and description that is meaningful to you.
Click on Create Policy to create the policy.
Step 3 – Create IAM User
While still in the IAM console, select Users on the left hand side of the page and then click on Add user.
Step 3.1 – User Properties
In the create user wizard:
-
Give the user a name
-
Check the Programmatic access checkbox and make sure that AWS Management Console access is unchecked
Click on Next: Permissions
Step 3.2 – Permissions
On the Permissions step, select Attach existing policies directly. In the list of policies directly below, find the policy we created in the previous step and check the checkbox next to it.
Click on Next: Tags and then click on Next: Review on the screen that follows. Make sure everything is correct and click on Create user.
Step 3.3 – Download Credentials
Once you’ve clicked on Create user you’ll see a screen that will allow you to download your credentials as a CSV file.
Download them and keep them in a safe place. We will need them for configuring Media Cloud.
Step 4 – CORS Configuration (Optional)
If you intend to use Direct Upload functionality, you’ll need to set the CORS policy on your bucket.
Step 4.1 – Bucket Properties
Log into the Amazon S3 Console and select your bucket. Click on the Permissions tab and then select CORS Configuration. Click on the Edit button.
Copy and paste the example CORS configration found below into the CORS configration editor in the S3 console.
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"PUT",
"POST",
"HEAD"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": [],
"MaxAgeSeconds": 3000
}
]Click Save.
Your CORS configuration has now been set and you should be able to perform direct uploads when you’ve enabled that feature.
Step 5 – Configure Media Cloud
Now that everything has been set up with Amazon, it’s time to setup Media Cloud.
Navigate to Settings in the Media Cloud admin menu and select Cloud Storage.
Step 5.1 – Provider Settings
In the Provider panel, set the Storage Provider to Amazon S3.
In the Provider Settings section, supply the Access Key and Secret from the CSV file we downloaded in Step 3.3.
For the Region you can set this Automatic or select the region you created the S3 bucket in, if you remember it.
If you turned on Transfer Acceleration for your bucket, toggle this to on.
At this point, these are the basic settings you need to get S3 working with Media Cloud. Save the settings and run the Troubleshooter to verify that everything is working correctly.