How Do I Configure And Acquire Creds/Config Info For Team Server Installation On Amazon S3?

The AeroFS Team Server can be configured to use the Amazon Simple Storage Service (S3) as a backing store. The Team Server will encrypt, compress, and de-duplicate files stored on S3.

To configure Amazon S3 before setting up the Team Server:

Configure your new bucket:

  1. Go to your S3 bucket
  2. Click on the "Properties" tab
  3. Click on "Permissions" > "Add bucket policy" > "AWS Policy Generator"
  4. Set Type of Policy = "S3 Bucket Policy"
  5. Effect = "Allow"
  6. Principal = "*"
  7. Actions = "DeleteObject", "GetObject", "PutObject"
  8. ARN = "arn:aws:s3:::<bucket_name>/*" (replace <bucket name> with name of your bucket)
  9. Click on "Add Statement"
  10. Click on "Generate Policy"
  11. Copy/paste the policy into the "Bucket Policy Editor" window from Step 3
  12. Click on "Save"
  13. Click on the "Permissions" link and click on "Add more permission"
  14. Set Grantee to "Authenticated Users" and select "List", "Upload/Delete" and click "Save"

Your S3 Bucket Policy should look something like this:

{
    "Id": "Policy1416357168632",
    "Statement":
    [
        {
            "Sid": "Stmt1416357166911",
            "Action":
            [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws:s3:::suthan-s6/*",
            "Principal":
            {
                "AWS":
                [ 
                    "*"
                ]
            }
        }
    ]
}

Configure your IAM User:

  1. Click on "Services" > "IAM" in the top left corner of the page
  2. Click on "Users" in the navigation panel to the left of the page
  3. Click on the user name of interest
  4. Click on the "Permissions" tab
  5. Click on "Attach User Policy"
  6. Click on "Policy Generator" then click on "Select"
  7. Set AWS Service to "Amazon S3"
  8. Set Actions to "DeleteObject, GetObject, PutObject"
  9. Set ARN to "arn:aws:s3:::<bucket_name>/*"
  10. Click on "Add Statement"
  11. Click on "Next Step"
  12. Click on "Apply Policy"

Your IAM User Policy should look something like this:

{
    "Version": "2012-10-17",
    "Statement":
    [
        {
            "Sid": "Stmt1416355601000",
            "Effect": "Allow",
            "Action":
            [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource":
            [
                "arn:aws:s3:::suthan-s6/*"
            ]
        }
    ]
}

Acquiring your credentials:

You will need to provide the following information in the final step of the Team Server installation wizard.

  • Access/Secret Key: IAM User Access/Secret Keys can be found in the credentials spreadsheet you downloaded when you created your IAM User.
  • Bucket Name: Name of the S3 bucket you created.
  • Endpoint: The URL for your S3 bucket. Your endpoint will vary depending on which region you chose for your bucket.

Now you are ready to set up your Team Server to use your Amazon S3 bucket for storage.

Powered by Zendesk