Configuration in AWS S3
Note
AWS S3 is a cloud storage service offered by Amazon Web Services, and its protocol is also implemented by several other providers. The solution is therefore not limited to AWS: it also works with other providers that implement the protocol in the same way as Amazon.
Step 1 - Connect to the AWS console
Log on to the AWS console (https://aws.amazon.com/en/console/) using your browser and login details.
Step 2 - Create an IAM user
It is essential to protect access to the S3 Bucket containing S-Filer Portal data. This applies even if the files in the S3 Bucket are encrypted by the solution. To do this, you need to create an IAM user with the necessary permissions to access the S3 bucket.
From the home page, use the search bar to access the IAM service. Use the link in the top right-hand corner of the page to create a new IAM user.
When the user creation panel appears, give the user a meaningful name. Click on the Next button at the bottom of the page to access the authorization configuration page.
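In the Permissions control panel, select Attach policies directly and search for the "AmazonS3FullAccess" policy. Note that this managed policy grants all S3 actions on all buckets in the account, which is broader than the four actions listed in the bucket policy in Step 3. Click on the Next button at the bottom of the page to validate the user settings. When everything is configured, click on the Create user button to create the IAM user.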
Then return to the list of IAM users and click on the user you have just created. Use the Create access key link in the "Summary" section. This will create an access key for the IAM user. A panel will appear displaying best practices and alternatives for access keys. Select the Other option at the bottom of the list and click on the Next button.
In the next panel, take a moment to give a description to the access key being created and press the Create Access Key button. This will create the access key and the access secret.
Make a note of the access key and secret access key. This information will be needed to configure S-Filer Portal.
Step 3 - Creating an S3 Bucket
From the home page, use the search bar to access the S3 service.
Use the link in the top left-hand corner of the page to create a new S3 Bucket.
Select the options corresponding to your needs and click on the Next button at the bottom of the page. Be sure to give your bucket a meaningful name and make a note of it. The name will be needed to configure S-Filer Portal.
It is also necessary to apply the correct bucket policy.
Here's an example of a bucket policy that could be used for S-Filer Portal. This policy allows the user to list, download, upload and delete objects in the S3 bucket. It is recommended to limit access to what is necessary for the proper operation of S-Filer Portal.
{
    "Version": "2012-10-17",
    "Id": "Policy1706900732430",
    "Statement": [
        {
            "Sid": "Statement-1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::814557519622:user/sfiler-doc-user"
            },
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::sfiler-doc-s3",
                "arn:aws:s3:::sfiler-doc-s3/*"
            ]
        }
    ]
}
In the previous example, you need to replace arn:aws:iam::814557519622:user/sfiler-doc-user with the ARN of the IAM user created previously, and arn:aws:s3:::sfiler-doc-s3 with the ARN of the S3 Bucket created previously (in both Resource entries).
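As an added example (not part of the S-Filer Portal documentation), the following Python check reads a bucket policy and reports any Allow statement that goes beyond the single IAM user, the four actions and the one bucket used in the example above. The function and constant names are illustrative, and LOOSE_POLICY is a constructed sample.

```python
import json

# Actions granted by the page's example bucket policy (IAM action names are case-insensitive).
NEEDED = {"s3:deleteobject", "s3:getobject", "s3:putobject", "s3:listbucket"}

def as_list(value):  # policy fields may hold one string or a list
    return value if isinstance(value, list) else [value]

def audit_bucket_policy(policy_json, bucket, user_arn):
    """Return findings; an empty list means no Allow statement exceeds the example's scope."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    expected = {bucket_arn, bucket_arn + "/*"}
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for key in ("NotPrincipal", "NotAction", "NotResource"):
            if key in stmt:
                findings.append(f"{sid}: {key} in an Allow statement matches everything it does not name")
        principal = stmt.get("Principal")
        principals = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in principals:
            findings.append(f"{sid}: principal is a wildcard")
        elif principals != [user_arn]:
            findings.append(f"{sid}: unexpected principal {principals}")
        for action in as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
            elif action.lower() not in NEEDED:
                findings.append(f"{sid}: extra action {action}")
        extra = set(as_list(stmt.get("Resource", []))) - expected
        if extra:
            findings.append(f"{sid}: resource outside the bucket: {sorted(extra)}")
    return findings

# The page's example policy, and a constructed over-permissive one for contrast.
USER = "arn:aws:iam::814557519622:user/sfiler-doc-user"
PAGE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "Statement-1", "Effect": "Allow", "Principal": {"AWS": USER},
    "Action": ["s3:DeleteObject", "s3:GetObject", "s3:PutObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::sfiler-doc-s3", "arn:aws:s3:::sfiler-doc-s3/*"]}]})
LOOSE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "Loose", "Effect": "Allow", "Principal": "*",
    "Action": "s3:*", "Resource": "arn:aws:s3:::*"}]})

if __name__ == "__main__":
    print(audit_bucket_policy(PAGE_POLICY, "sfiler-doc-s3", USER))
    print(audit_bucket_policy(LOOSE_POLICY, "sfiler-doc-s3", USER))
```

Run it against the policy text copied from the bucket's Permissions tab, passing your own bucket name and IAM user ARN.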