Amazon S3 Connection
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Amazon S3 Connection

  • Dark
    Light
  • PDF

This is a step-by-step tutorial for creating an Amazon S3 connection.

Prerequisite

Create an AWS User for Rivery

Create a user for Rivery and grant it permission to manage and read the FileZone bucket by following these steps:

  1. Sign in to the AWS Management Console and open the Amazon S3 console.

  2. Navigate to Users - > Add User.

image.png

  1. In the console, set your username, and check the Access type to Programmatic access.

image.png

  1. Click Next: Permissions.

  2. In the Set Permissions form select Attach Existing Policies Directly.

  3. Click Create Policy.

image.png

  1. Navigate to the JSON tab.

image.png

  1. Copy and paste the following policy:
    Note:
    Replace <RiveryFileZoneBucket> with the name of your S3 bucket.
{
 "Version":"2012-10-17",
 "Statement":[
   {
    "Sid":"RiveryManageFZBucket",
    "Effect":"Allow",
    "Action":[
    "s3:GetBucketCORS",
    "s3:ListBucket",
    "s3:GetBucketLocation"
     ],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>"
   },
   {
    "Sid":"RiveryManageFZObjects",
    "Effect":"Allow",
    "Action":[
      "s3:ReplicateObject",
      "s3:PutObject",
      "s3:GetObjectAcl",
      "s3:GetObject",
      "s3:PutObjectVersionAcl",
      "s3:PutObjectAcl",
      "s3:ListMultipartUploadParts"],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>/*"
  },
  {
     "Sid":"RiveryHeadBucketsAndGetLists",
     "Effect":"Allow",
     "Action":"s3:ListAllMyBuckets",
     "Resource":"*"
  }
 ]
}
  1. Select Review Policy.
  2. Give the Policy a name and click Create Policy.
  1. Using the rounded arrows on the upper right, refresh the list of policies, check the policy you just created, and select Next: Tags.

image.png

  1. Click Next: Tags, Next: Review and then Create User to complete the process.

  2. In the summary screen, you'll find the user's AWS credentials (Access key id and Secret access key), which you can download as a CSV file (this is the only time you'll be able to do so).

image.png

  1. The User should now be able to manage and read the FZ bucket that was created for Rivery. Please double-check that the policy you created is linked to the user you created.

create-an-aws-iam-user_mceclip63.png

Connection Procedure

AWS Keys

  1. Type in the Connection Name.
  2. From the drop-down menu, choose your Region.
  3. Select AWS Keys credentials type.
  4. Enter Your AWS Access key id and Secret access key.
  5. Use the Test Connection function to see if your connection is up to the task.
    If the connection succeeded, you can now use this connection in Rivery.

image.png

IAM Role - Automatic

  1. Type in the Connection Name.
  2. From the drop-down menu, choose your Region.
  3. Select IAM Role - Automatic credentials type.
  4. To initiate the AWS CloudFormation Stack, click the Launch Stack button.
  5. Replace the External ID in the Parameters section with the one you were given in the Rivery console.

image.png

  1. Check 'I acknowledge that AWS CloudFormation may create IAM resources' in the Review tab, then click Create.
  2. Copy the value of 'RiveryAssumeRoleArn' from the Output tab in the stack.
  3. Paste the Role ARN Key.
  4. Use the Test Connection function to see if your connection is up to the task.
    If the connection succeeded, you can now use this connection in Rivery.

IAM Role - Manual

  1. Type in the Connection Name.

  2. From the drop-down menu, choose your Region.

  3. Select IAM Role - Automatic credentials type.

  4. Initiate the AWS IAM console.

  5. Click Policies on the side menu, and select Create Policy.
    a. Navigate to the JSON tab.
    b. Copy the following policy:

{
 "Version":"2012-10-17",
 "Statement":[
   {
    "Sid":"RiveryManageFZBucket",
    "Effect":"Allow",
    "Action":[
    "s3:GetBucketCORS",
    "s3:ListBucket",
    "s3:GetBucketAcl",
    "s3:GetBucketPolicy"
     ],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>"
   },
   {
    "Sid":"RiveryManageFZObjects",
    "Effect":"Allow",
    "Action":[
      "s3:ReplicateObject",
      "s3:PutObject",
      "s3:GetObjectAcl",
      "s3:GetObject",
      "s3:ListObjects*",
      "s3:PutObjectVersionAcl",
      "s3:PutObjectAcl",
      "s3:ListMultipartUploadParts"],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>/*"
  },
  {
     "Sid":"RiveryHeadBucketsAndGetLists",
     "Effect":"Allow",
     "Action":"s3:ListAllMyBuckets",
     "Resource":"*"
  }
 ]
}

c. Paste the Policy it into the description box, then click Review Policy.

  1. Name the Policy - 'Rivery-S3-Policy' and click Create Policy.
  2. Click Roles on the side menu, and select Create Role.
  3. Select Another AWS Account and change the Account ID to the one you were given in the Rivery console.
  4. Check Require External ID, and set External ID to the one you were given in the Rivery console.

image.png

  1. Click Next.
  2. Attach the 'Rivery-S3-Policy' to the Attach Policy form.
  3. Set Rivery-S3-Role as the role name.
  4. Copy the Role ARN From the Role's window and paste it into the field below.
  5. Use the Test Connection function to see if your connection is up to the task.
    If the connection succeeded, you can now use this connection in Rivery.

Was this article helpful?