-
Notifications
You must be signed in to change notification settings - Fork 207
Configuring The AWS S3 Bucket
As of version 1.4.6
, Evaporate allows changing the bucket name for
each file. If multiple buckets are used, then each bucket must have the
correct Policies and CORS configurations applied.
-
Configure your S3 bucket, make sure your CORS settings for your S3 bucket looks similar to what is provided below (The PUT allowed method and the ETag exposed header are critical).
The
DELETE
method is required to support aborting multipart uploads.<CORSConfiguration> <CORSRule> <AllowedOrigin>https://*.yourdomain.com</AllowedOrigin> <AllowedOrigin>http://*.yourdomain.com</AllowedOrigin> <AllowedMethod>PUT</AllowedMethod> <AllowedMethod>POST</AllowedMethod> <AllowedMethod>DELETE</AllowedMethod> <AllowedMethod>GET</AllowedMethod> <ExposeHeader>ETag</ExposeHeader> <AllowedHeader>*</AllowedHeader> </CORSRule> </CORSConfiguration>
-
If you are using S3 Transfer Acceleration, configure the bucket to support it as well.
-
Determine your AWS URL for your bucket. Different regions use different URLs to access S3. By default, Evaporate uses
https://s3.amazonaws.com
. To change the AWS Url, use optionaws_url
.Failure to use the correct AWS URL may result in CORS or other server-side failures at AWS.
-
Configure your S3 bucket Policy to support creating, resuming and aborting multi-part uploads. The following AWS S3 policy can act as a template.
Replace the AWS ARNs with values that apply to your account and S3 bucket organization.
{ "Version": "2012-10-17", "Id": "Policy145337ddwd", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::6681765859115:user/me" }, "Action": [ "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts", "s3:PutObject" ], "Resource": "arn:aws:s3:::mybucket/*" } ] }
If you configure the uploader to enable the S3 existence check optimization (configuration option
allowS3ExistenceOptimization
), then you should add thes3:GetObject
action to your bucket object statement and your S3 CORS settings must includeHEAD
method if you want to check for object existence on S3. Your security policies can help guide you in whether you want to enable this optimization or not.Here is an example of the bucket object policy statement that includes the required actions to re-use files already uploaded to S3:
{ "Version": "2012-10-17", "Id": "Policy145337ddwd", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::6681765859115:user/me" }, "Action": [ "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts", "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::mybucket/*" } ] }
-
Setup a signing handler on your application server (see
signer_example.py
). This handler will create a signature for your multipart request that is sent to S3. This handler will be contacted via AJAX on your site by evaporate.js. You can monitor these requests by using developer tools of most browsers.Evaporate supports using an AWS lambda for signing. The
example
folder contains skeleton implementations of signing handlers implemented in several common languages.