Configuring Amazon S3 for File Uploads

One of the projects that I am currently working on involves audio files. Since those can get rather large in size, I was concerned about storing them on the web server. I spoke with my boss about the situation, and we agreed that we would upload the files to our Amazon S3 account.

This is my first time working with Amazon S3. Luckily, this project is using the CMS that I built using Laravel. I say luckily because there are packages that other people have already created that make working with Amazon S3 insanely easy. I believe the Laravel core also works with S3 out of the box (or almost out of the box). I decided to use the GrahamCampbell/Laravel-Flysystem package in my project.

I had no issues finding documentation regarding how to upload files to S3. Where I ran into trouble was figuring out how to set things up within Amazon S3 itself. I never did find a definitive guide as to how to set things up, so I ended up using trial and error (lots of trial, several errors, and some cursing under my breath).Ā I figured that I couldn’t be the only person who was having these sorts of issues, so I wanted to share how I did things in the hopes that it might help someone else (and [more importantly] so I can come back and see how I did things if I have to do this for another project down the road. šŸ˜€ ).

The first obvious step is that you need an AWS account (or Amazon Web Services). So if you don’t already have one, head over to Amazon and create one.

Once you have your AWS account set up, log into your console and go to theĀ S3 service section for the following steps.

1) Create a bucket. See the Amazon documentation if you have any questions. This is where you will upload your files to.

2) View theĀ Properties for your bucket and add a new Permission.

  • Grantee: Any Authenticated AWS User
  • Permissions: List, Upload/Delete

3) Add a policy for the bucket that will make your files publicly available. Click on the “Add bucket policy” and add the following code to set up the policy. Make sure you replace BUCKET.NAME with the name of the bucket that you created. If you don’t do this, then your file will not be viewable on your website (or in my case the audio won’t play).

{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicRead",
            "Effect": "Allow",
            "Principal": {
                "AWS": "*"
            },
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET.NAME/*"
        }
    ]
}

Switch to theĀ IAM service section for the remaining steps.

4) Create a Policy that will allow files to be uploaded, deleted, and read from the bucket that you created. Amazon has a policy generator to help you set things up. The final product should look similar to the following. Again, make sure you replace BUCKET.NAME with the name of the bucket that you created. You can change theĀ Sid to something else, but it needs to be unique for your account (I believe).

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowFileReadUploadDeleteā€,
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET.NAME"
            ]
        }
    ]
}

5) Create a Group and apply your policy to that group.

6) Create a User and add the user to the group that you created. This user will inherit the permissions from the policy that was assigned to the group.

7) Record the Access Key ID and Secret Access Key for the user that Amazon gives you. You will not be able to view the secret access key at a later date, so make sure that you record it now. Otherwise you will have to reset it later and update any applications that are utilizing the user.

You should now be able to upload files to your Amazon S3 account from your website. As for how to do that … that’s a post for a later date. šŸ˜‰