For customers on our Zight for Business, you have the ability to use your own custom AWS buckets to store your team's Zight Drops.
To set this up, you need an S3 bucket and a set of AWS keys with read/write permission for it. Below are instructions on how to configure this for Zight.
List of contents:
- Video of all the Steps
- Create your S3 bucket
- Setup Cors
- Setup the IAM policy
- Setup the IAM group
- Setup the IAM user and creating kets
- Pairing keys in your admin -> Storage resources
Create your S3 bucket
Create an S3 bucket in your AWS account as described here.
When creating the bucket, under the Object Ownership section, select ACLs Enabled and turn off Block All Public Access as shown below:
Setting up CORS
- Once the bucket is created, go to the bucket’s Permissions Section and click Edit on the CORS configuration.This is the minimum CORS policy you need:
[
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "HEAD", "POST", "PUT"],
"AllowedOrigins": ["*"],
"ExposeHeaders": ["etag"]
}
]
If you are also using a custom share domain, you may need to include an additional AllowedOrigin line in the json. it will end up looking something like this:
[
{
"AllowedHeaders": ["*"],
"AllowedMethods": ["GET", "HEAD", "POST", "PUT"],
"AllowedOrigins": ["*", "share.customdomain.com"],
"ExposeHeaders": ["etag"]
}
]
Setting up the Policy in the AIM system
With the bucket created we need to generat e API keys that can access the bucket. We will do this with AWS IAM.
- The first step is to create the policy. Navigate to the Policy section of the IAM site and click Create Policy:
- The second step will be pasting our JSON(you can find it below the next image)
Be sure to replacezight-demo-bucket
with your bucket name
- On the next screen give the policy a name and optional description then click Create Policy
-
Json from the image in step 2:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:PutObjectAcl",
"s3:ListBucketVersions",
"s3:DeleteObjectVersion"
],
"Resource": [
"arn:aws:s3:::zight-demo-bucket/*",
"arn:aws:s3:::zight-demo-bucket"
]
}
]
}
Setting up the Group that will use the above policy in the AIM system
-
With the policy created, go to the "users group" section and click Create Group
-
Next, set the group name, attach the policy and click "Create Group"
Setting up the User we will assign to the group above and creating the key
- Now we create a user and add them to this group. Go to the Users section and select Add User
- Now give the user a name and choose the programmatic access option and then click the Next: Permissions button
- Select your group from the list and click next
- Skip past the next screen by hitting Next,Make sure everything looks right and then click Create User
- Navigate the user you create and click "Create access key"
- Select "third party service" and click "next".
- Set a description tag and click "Create Access Key"
- Retrieve your Access key and Secret
Setting up versioning for the item versioning system to be enabled:
- Go in the properties section for your bucket and click "Edit":
- Click the enable option and click "save the changes"
Now with your bucket and keys created, we need to enter them in your Zight account.
- Go to Settings
- Storage Resources
- Select Amazon S3 storage
- Enter in your details
- Click Add Bucket (if you get an error, please be sure the previous steps were correctly followed)
- Hit Submit for S3.
Comments
0 comments
Please sign in to leave a comment.