Using your Own S3 Bucket
Overview
For the Single User Plan, files are saved in an S3 bucket in our environment by default. However, you may want to use your own specific S3 bucket.
To accomplish this, you will need to grant us permission to your S3 bucket. This article walks you through this process.
Create an IAM user
You will need to create an IAM user. Permissions for the S3 bucket will be associated with this IAM user. Then, you will send us the access credentials for this user. Your SFTP account will use these access credentials to connect to your S3 bucket.
Navigate to IAM.
Next, navigate to the Users section.
Click Add users and then configure a User name.
Note: Make sure Not to check the box for Provide user access to the AWS Management Console. We do not want the ability to log into your AWS console.
Configure S3 permissions
In this section, you will add permissions that are tailored down to a single S3 bucket. This will allow our SFTP Gateway service to read and write to your bucket.
Under Step 2, Set permissions select the permission option of Attach policies directly.
Then, click Create policy. Select the JSON tab.
Give this user the following IAM permissions, via an in-line policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::your-bucket-name"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::your-bucket-name/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
Remember to replace your-bucket-name with the value of your actual bucket name.
Note: Make this change in two locations.
Once your policy has been created, navigate back to the Create IAM user tab.
Under Permission policies, click the refresh icon and you should see one new policy, which you just created. Using the search bar, find your newly created policy and select it.
Once your policy has been selected, click Next.
Check that everything looks as it should under Review and create and click Create user.
Now that your user has been created, click on it so you're under the Summary page.
Gather the access credentials
Our SFTP Gateway service requires an access key and secret in order to leverage the permissions of the IAM user.
Navigate to the Security credentials tab, and scroll down until you see the Access keys section.
Click Create access key. Navigate through the steps and click Create access key.
Make sure to store the value of the Access key and the Secret access key.
Sending your Information to Support
To configure your custom bucket, we will need a few pieces of information such as:
- The name of your SFTP User
- The name of your S3 bucket
- The region your S3 bucket is located
- Your access key & secret access key values
With this information, we will be able to create a Cloud Connection pointing towards your S3 bucket and configure your SFTP user to use the bucket as well.
This way, when you connect to the server, you will see your own files and folders located in your S3 bucket.
So, feel free to send us a message at support@thorntech.com that might look something like this:
Hello support,
I would like my SFTP user to connect to our own S3 Bucket.
Here is the required information:
SFTP User name: bryce-wagner
Bucket Name: my-bucket
Bucket Region: us-east-1
Access Key: AKIAVZCOEA3G5WZKKA7Q
Secret Access Key: Uqd9hjNOYkCfZOVY/QPRWCIJYsa6laW+bSLwJBE
Please let us know when our SFTP user has been updated.
Thanks,
Bryce
Note: Make sure to change the required information to match your own values.