Configuration

To configure the S3 Object Storage Filesystem plugin :

  1. Open an Editor Profile for editing and click on the Editor Parameters tab.
  2. Click on the Filesystem tab.
  3. Select S3 Object Storage from the Filesystem list.
    Select S3 Object Storage Filesystem
  4. Enter in your S3 Object Storage settings. Bucket name and Endpoint are required. Access Key and Secret Key are required if you are not using a Credentials Profile
    S3 Object Storage Parameter Options

    Access Key - Your S3 Access Key ID

    Secret Key - Secret Access Key

    Credentials Profile - The name of the credentials profile (Optional). See Using a Credentials File

    Credentials Path - The full server path to the credentials file (Optional). See Using a Credentials File

    Bucket name - S3 Bucket Name. For more information on S3 Buckets, see Introduction to Amazon S3 - Buckets

    CName - A Canonical Name for the bucket (Optional).

    Endpoint - The Region where the bucket is stored. See Introduction to Amazon S3 - Regions

    Custom Endpoint - If the Endpoint option is set to Custom Endpoint, specify a custom endpoint for an S3 compatible Object Storage service eg: s3-eu-west-1.amazonaws.com

    ACL Level - Default ACL level for new files and folders. See Introduction to Amazon S3 - ACL

  5. Click Save

With the Amazon S3 options set, you can now uses this as your default Filesystem, or revert to using the default Joomla! filesystem, and assign the Amazon S3 Filesystem to individual add-ons like the File Manager or Media Manager in the plugins parameters.

Using a Credentials File

Using a Credentials File for the Access Key and Secret Key recommended, as this does not store the Access Key and Secret Key in the database. Amazon provides an explanation of the Credentials File and Profile, but this plugin provides an additional option to set the full server path to the file, which may be required if the server HOME directory cannot be determined.

The credentials file is a special INI-formatted file that contains one or more Credentials Profiles, each containing an Access Key and Secret Key, eg:

[default]
aws_access_key_id = YOUR_AWS_ACCESS_KEY_ID
aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY

[project1] 
aws_access_key_id = ANOTHER_AWS_ACCESS_KEY_ID 
aws_secret_access_key = ANOTHER_AWS_SECRET_ACCESS_KEY

If no Credentials Profile is set in the options above, then "default" is used.

  1. Create a folder called "credentials" on your server outside of your site root (the site root path usually ends with /public_html)
  2. In a text editor, Cpanel or in an FTP client, create a new file in this folder called .aws (or download a sample file - unzip after download)
  3. Add the Credentials Profiles and Access Key and Secret Key as required.
  4. In the Joomla Administration, go to Site -> System Information, and find the tmp_path value. Copy the value up to but excluding "/public_html"
    eg: /home/my_account/my_site
  5. Paste this path into the Credentials Path option field, adding any other folder name you created the "credentials" folder in
    eg: /home/my_account/my_site/private_html

IAM Permissions

The following IAM permissions are required. The Sid value is optional and is used to differentiate between policies. It can be any word value using letters and numbers without spaces or special characters.

Replace your-bucket-name in the Resource section with the name of your S3 bucket.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "jceAWS1",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket-name",
                "arn:aws:s3:::your-bucket-name/*"
            ]
        }
    ]
}