Documentation
In order to setup this addon you will need to have an AWS account. If you do not have an AWS account do not purchase this addon.
Your server must have the mbstring extension installed (check your environment page.)
I cannot and will not assist with the setup of of the S3 bucket or the generation of credentials. Amazon provides plenty of documentation on how to do this.
How to set-up S3 bucket IAM policy To setup the addon you will need 3 pieces of information.
Bucket Name Access Key Access Secret If you do not have all three of these the addon will not function.
There are two optional settings:
AWS Region - You can set an option region for S3 Link Expiry - With a properly configured bucket, you can make it so that links to files expire. In order for images to be edited using concrete5's built in image editor, you must be running concrete5.7.5.3+, and you must set the appropriate CORS policy on the S3 bucket.
For the actual policies required for this addon to function (v3.0+):
s3:ListBucket s3:GetBucketLocation s3:PutObject s3:GetObject s3:DeleteObject s3:PutObjectAcl
ACL Enabled
As of add-on version 3.3.1, when you create a bucket, please make sure to set ACLs enabled although AWS is recommending to disable it.
This is due to the older design of this add-on. We'll be updating it to remove the requirement in near future.
Please see AWS official documentation: "6. Under Object Ownership" in Step 1: Creating your S3 bucket.
IAM User Policy Sample
Here is sample IAM User policy. Please replace "[S3 bucket]" to the name of your S3 bucket
{ "Version": "2012-10-17", "Statement": [ { "Sid": "ListObjectsInBucket", "Effect": "Allow", "Action": [ "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::" ], }, { "Sid": "AllObjectActions", "Effect": "Allow", "Action": [ "s3:Object", "s3:PutObjectAcl", "s3:GetBucketLocation" ], "Resource": [ "arn:aws:s3:::[S3 Bucket]/", ], }, { "Sid": "2", "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::[S3 Bucket]/", } ] }