Connect a Simple Storage Service (S3) System
Simple Storage Service (S3) is used, for example, with Amazon Web Services (AWS). In addition to or as an alternative to MongoDB, the files uploaded by SEAL Operator can be stored in S3.
This section briefly describes the AWS S3 configuration settings that concern SEAL Operator. For other S3 systems, refer to the corresponding documentation.
Afterwards, the configuration in SEAL Operator is described.
Set Up and Configure an AWS S3 System for SEAL Operator
To configure the storage for the file upload, the following items are required:
- an S3 bucket where the files will be stored
- an Identity and Access Management (IAM) service user with access to the S3 bucket, its access key and secret
Hint - AWS account
If you do not have an AWS account, go to https://aws.amazon.com/ and create one. This will be the root (admin) of AWS. Using its access keys is not recommended. Create a specific IAM service user instead as described below.
Create the S3 Bucket
- Search for the `S3` service and create a bucket with the following settings:
    - `Name`: This will be the root of the filestore. Therefore, specify a meaningful name, for example, `seal-operator-fileupload`.
    - `Region`: Select one closest to you, for example, `EU (Frankfurt) eu-central-1`.
    - `Default encryption`: Enable `Amazon S3 key (SSE-S3)`.
Create the Access Policy
First, create a policy that gives access to only the S3 bucket created before.
- Search for the `IAM` service.
- Open the `Policies` tab and create a new one.
- Copy & paste the following policy JSON structure. Replace `<bucket_name>` by the name specified for the S3 bucket above, for example, `seal-operator-fileupload`:

    ```json
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:CreateBucket",
            "s3:ListBucket",
            "s3:DeleteObject",
            "s3:DeleteBucket"
          ],
          "Resource": [
            "arn:aws:s3:::<bucket_name>",
            "arn:aws:s3:::<bucket_name>/*"
          ]
        },
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": "s3:ListAllMyBuckets",
          "Resource": "*"
        }
      ]
    }
    ```

- Save the policy under a recognizable name, for example, `SealFilestoreS3Policy`.
Hint - reuse
The permissions policy can be reused for other users.
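A check to run on the policy JSON before attaching it, given here as an added example that is not part of the SEAL documentation. It reports Allow statements that reach beyond the intended bucket, unreplaced `<bucket_name>` placeholders and wildcard actions. The function names `audit_policy` and `page_policy` are hypothetical, and the over-broad policy is constructed for illustration.

```python
import json

# Only action on this page that legitimately needs Resource "*".
ACCOUNT_WIDE_OK = {"s3:listallmybuckets"}

def as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_json, bucket):
    """Return findings for Allow statements that reach beyond `bucket`."""
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    statements = json.loads(policy_json)["Statement"]
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource allows everything not listed")
        # IAM action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        for action in actions:
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
        for res in as_list(stmt.get("Resource", [])):
            if "<bucket_name>" in res:
                findings.append(f"{sid}: placeholder not replaced in {res}")
            elif res not in allowed and not set(actions) <= ACCOUNT_WIDE_OK:
                findings.append(f"{sid}: {res} is outside bucket {bucket}")
    return findings

def page_policy(bucket):
    """The policy shown on this page with <bucket_name> substituted."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "s3:CreateBucket",
                    "s3:ListBucket", "s3:DeleteObject", "s3:DeleteBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]},
        {"Sid": "VisualEditor1", "Effect": "Allow",
         "Action": "s3:ListAllMyBuckets", "Resource": "*"}]})

# Constructed over-broad policy, to show what the audit reports.
BROAD = '{"Statement": {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}}'

if __name__ == "__main__":
    for doc in (page_policy("seal-operator-fileupload"), BROAD):
        print(audit_policy(doc, "seal-operator-fileupload"))
```

An empty result means every Allow statement is confined to the named bucket, apart from `s3:ListAllMyBuckets`, which the page's policy grants on `*`.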
Create the IAM Service User
Next, create the IAM service user and assign the policy to it.
- Search for the `IAM` service.
- Open the `Users` tab.
- Create a user with the following settings:
    - `name`: Specify the name of the user, for example, `seal-filestore-service-user`.
    - `AWS credential type`: Select `Access key - Programmatic access`.
- In the permissions tab, select `Attach existing policies directly` and search for the policy created before.
- Create the user. Save its access key and secret so that you can specify them later in the configuration of SEAL Operator (`S3_ACCESS_KEY_ID`, `S3_SECRET_ACCESS_KEY`).

    Caution - do not leave the dialog!
    Do not leave the dialog before saving the information. Once you leave this dialog, you won't be able to access the secrets again. Make sure to copy them now. (If you fail to copy them now, you have to generate new ones and mark the old ones as inactive.)
Configure the S3 Connector
In SEAL Operator, activate the connector and specify the keys for the connection:
- Open a Command Prompt or PowerShell.
- Export the complete configuration of SEAL Operator from Consul to a YAML file with the following command. This ensures that you are working with the current configuration settings.

    ```
    operator config export <filename>.yml --insecure
    ```

- Edit the exported file `<filename>.yml`.
- In the section for the S3 connector, set `cstatus` to `on`.

    ```yaml
    operator:
      connectors:
        ...
        s3:
          cstatus: 'on'
          serviceName: operator-s3
        ...
    ```

- In the `env` section, specify the following keys for the `operator-s3` service:
    - `FILESTORE_TYPE`: how the content of the uploaded files is stored, here `s3`
    - `S3_ACCESS_KEY_ID`: ID of the access key to the S3 system as configured in the S3 system
    - `S3_SECRET_ACCESS_KEY`: secret of the access key to the S3 system as configured in the S3 system
    - `S3_BUCKET`: name of the S3 bucket as configured in the S3 system
    - `S3_REGION`: S3 region as configured in the S3 system
    - `MONGO_FILEUPLOAD_URL`: URL of the MongoDB for file uploads
    - `DEFAULT_FILEUPLOAD_PANEL`: path to the JSON schema file containing the configuration of the panel

    ```yaml
    env:
      service:
        ...
        operator-s3:
          tag:
            any:
              FILESTORE_TYPE: s3
              S3_ACCESS_KEY_ID: '<s3_access_key_id>'
              S3_SECRET_ACCESS_KEY: '<s3_secret_access_key>'
              S3_BUCKET: 'seal-operator-fileupload'
              S3_REGION: 'eu-central-1'
              MONGO_FILEUPLOAD_URL: 'mongodb://<mongodb_server>:27017/operator-s3'
              DEFAULT_FILEUPLOAD_PANEL: '/code/lib/defaultConfig/s3-panel.json'
        ...
    ```

    Literature - keys
    For further information about available keys, refer to the Key Reference.

- Save the `<filename>.yml` file.
- Re-import the configuration to Consul.

    ```
    operator config import <filename>.yml --insecure
    ```

Hint - change panel name in panel.json
Changing the S3 panel name, for example to `My Cloud`, is recommended to avoid confusion. You can do that by editing the corresponding S3 configuration file `panel.json`.
For the file location of the `panel.json`, refer to [Directories and Files under Windows](../reference/directories_and_files/directories_and_files_windows.md) or [Directories and Files under Linux](../reference/directories_and_files/directories_and_files_linux.md).