AWS S3

An AWS Identity and Access Management (IAM) user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. 

A user in AWS consists of a name, credentials and an appropriate access policy. 

Creating a Filespace requires an IAM user with an Access key ID and Secret access key, and with appropriate permissions to interact with resources within your AWS account.

Access key creation

1. Log in to your AWS Management Console.

2. Within Services, select Security, Identity & Compliance and choose Identity and Access Management (IAM)

3. Once within IAM, navigate to Users. We recommend individual user access keys rather than root access keys, as users can be disabled or updated without affecting global account access.

4. Create a new user or manage an existing one. In this topic we add a user: select Create User.

5. Provide a valid Username and select Next to continue. The user does not need access to the AWS Management Console.

6. Select Attach policies directly, assign an appropriate access policy to the user, and select Next to continue. In this example we have chosen the built-in S3 policy AmazonS3FullAccess; CREATE BUCKET, PUT, GET, LIST, DELETE Bucket/Object permissions are required.

7. Review and Create user

8. Once successful, click on the created user, go to the Security Credentials section and Create access key.

9. Select Third-party service and Next.

10. Save your user security credentials (Access key ID and Secret access key) in a safe place. You can select Download .csv file, or Show to make the secret visible. Click Done once complete.

Once the credentials have been configured, please proceed to the Filespace creation.

Filespace creation

Please log in to our Web App or the desktop application. Click on "Create Filespace":

Enter the name of your Filespace:

Select "Your own storage" and choose AWS:

Select the cloud storage provider region. You can enter the name of the bucket you have created. LucidLink automatically creates a bucket based on the Filespace name and a globally unique identifier if no bucket name is provided.

Enter the Access Key and Secret Key you generated (see the Access key creation section).

Finally, once you have confirmed all the settings are correct, you can create your Filespace.

Please reach out to LucidLink Support should you encounter any challenges.

Advanced Identity and Access Management (IAM) User Policies

An AWS IAM user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. 

Each IAM user requires a policy providing access to account resources. 

Should you want to limit the policy of an IAM User to only the S3 permissions required for the functionality of our Filespace (CREATE BUCKET, PUT, GET, LIST, DELETE Bucket/Object), please refer to the JavaScript Object Notation (JSON) example policy templates below.

The 1st policy allows a specific IAM User to access only a specific pre-allocated bucket. This bucket must exist and can be specified during the Filespace creation.

1. Specific IAM User to Bucket Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket-name>/*",
                "arn:aws:s3:::<bucket-name>"
            ]
        }
    ]
}

Our 2nd policy provides an IAM User with the necessary permissions to create a bucket, should they be responsible for an account which requires multiple Filespaces.

LucidLink automatically creates a bucket based on the Filespace name and a globally unique identifier if no bucket name is provided.

2. IAM User with Create Bucket included in Policy

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:CreateBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "*",
                "arn:aws:s3:::*/*"
            ]
        }
    ]
}
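
To compare the reach of the two templates above before attaching either one, the following Python check is an added example (not LucidLink's or AWS's code). It fills in policy 1 for a given bucket and reports any Allow grant that is not confined to that bucket; the function names, constant names and the sample bucket name are assumptions made for illustration.

```python
import json
import re

# Core S3 bucket-name rules: 3-63 chars of a-z, 0-9, '.', '-', starting and
# ending with a letter or digit (a subset of the full naming rules).
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")

# Policy 1 from this article, with its <bucket-name> placeholder.
SCOPED_TEMPLATE = """{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
  "Resource": ["arn:aws:s3:::<bucket-name>/*", "arn:aws:s3:::<bucket-name>"]}]}"""

# Policy 2 from this article (CreateBucket included, wildcard resources).
CREATE_BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Action": ["s3:PutObject", "s3:GetObject", "s3:CreateBucket", "s3:DeleteObject"],
  "Resource": ["*", "arn:aws:s3:::*/*"]}]}""")

def render_scoped_policy(bucket):
    """Fill in policy 1 for one bucket, rejecting malformed bucket names."""
    if not BUCKET_RE.fullmatch(bucket):
        raise ValueError(f"not a valid S3 bucket name: {bucket!r}")
    return json.loads(SCOPED_TEMPLATE.replace("<bucket-name>", bucket))

def as_list(value):
    # IAM accepts a single value or a list for Action, Resource and Statement.
    return list(value) if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """List every Allow grant that reaches beyond `bucket` or uses a wildcard action."""
    arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for res in as_list(stmt.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"statement {i}: resource {res} is not confined to {bucket}")
        for act in as_list(stmt.get("Action", [])):
            if "*" in act:
                findings.append(f"statement {i}: wildcard action {act}")
    return findings

if __name__ == "__main__":
    name = "example-filespace-bucket"  # constructed sample bucket name
    print(audit_policy(render_scoped_policy(name), name))   # policy 1, filled in
    print(audit_policy(CREATE_BUCKET_POLICY, name))         # policy 2
    print(audit_policy(json.loads(SCOPED_TEMPLATE), name))  # placeholder left in
```

Policy 2 is reported twice because both of its resources match every bucket in the account, and a template pasted with `<bucket-name>` still in place is reported as well.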

3. Create policy steps

1. Go to the Policies section and select Create policy.

2. Select JSON in the Create policy wizard and copy/paste the appropriate policy into the text editor. If you choose the specific bucket policy, replace the <bucket-name> placeholder (highlighted in yellow) with your actual bucket name. Then press Next.

3. Name the policy, review the policy details, ensuring everything is correct and select Create policy.

4. Refresh your policy filter in step 6 of the first section of this article and specify your newly created policy.

Once you have your custom policy assigned and credentials configured, please continue to the Filespace creation section of this article.

Choosing your Amazon S3 storage class

We recommend using the general-purpose, S3 Standard storage class for the objects of your filespace. None of the AWS Glacier classes are supported by LucidLink.
