To configure the S3 Object Storage Filesystem plugin :
- Open an Editor Profile for editing and click on the Editor Parameters tab.
- Click on the Filesystem tab.
- Select S3 Object Storage from the Filesystem list.
- Enter in your S3 Object Storage settings. Bucket name and Endpoint are required. Access Key and Secret Key are required if you are not using a Credentials Profile.
Access Key - Your S3 Access Key ID
Secret Key - Secret Access Key
Credentials Profile - The name of the credentials profile (Optional). See Using a Credentials File
Credentials Path - The full server path to the credentials file (Optional). See Using a Credentials File
Bucket name - S3 Bucket Name. For more information on S3 Buckets, see Introduction to Amazon S3 - Buckets
CName - A Canonical Name for the bucket (Optional).
Endpoint - The Region where the bucket is stored. See Introduction to Amazon S3 - Regions
Custom Endpoint - If the Endpoint option is set to Custom Endpoint, specify a custom endpoint for an S3 compatible Object Storage service eg: s3-eu-west-1.amazonaws.com
ACL Level - Default ACL level for new files and folders. See Introduction to Amazon S3 - ACL
- Click Save
With the Amazon S3 options set, you can now uses this as your default Filesystem, or revert to using the default Joomla! filesystem, and assign the Amazon S3 Filesystem to individual add-ons like the File Manager or Media Manager in the plugins parameters.
Using a Credentials File
Using a Credentials File for the Access Key and Secret Key recommended, as this does not store the Access Key and Secret Key in the database. Amazon provides an explanation of the Credentials File and Profile, but this plugin provides an additional option to set the full server path to the file, which may be required if the server HOME directory cannot be determined.
The credentials file is a special INI-formatted file that contains one or more Credentials Profiles, each containing an Access Key and Secret Key, eg:
[default] aws_access_key_id = YOUR_AWS_ACCESS_KEY_ID aws_secret_access_key = YOUR_AWS_SECRET_ACCESS_KEY
[project1]
aws_access_key_id = ANOTHER_AWS_ACCESS_KEY_ID
aws_secret_access_key = ANOTHER_AWS_SECRET_ACCESS_KEY
If no Credentials Profile is set in the options above, then "default" is used.
- Create a folder called "credentials" on your server outside of your site root (the site root path usually ends with /public_html)
- In a text editor, Cpanel or in an FTP client, create a new file in this folder called .aws (or download a sample file - unzip after download)
- Add the Credentials Profiles and Access Key and Secret Key as required.
- In the Joomla Administration, go to Site -> System Information, and find the tmp_path value. Copy the value up to but excluding "/public_html"
eg:/home/my_account/my_site
- Paste this path into the Credentials Path option field, adding any other folder name you created the "credentials" folder in
eg:/home/my_account/my_site/private_html
IAM Permissions
The following IAM permissions are required. The Sid value is optional and is used to differentiate between policies. It can be any word value using letters and numbers without spaces or special characters.
Replace your-bucket-name in the Resource section with the name of your S3 bucket.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "jceAWS1", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:GetObject", "s3:GetObjectAcl", "s3:PutObject", "s3:PutObjectAcl", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*" ] } ] }