@netinlet
Last active March 16, 2018 15:54
BeeFree.io AWS S3 Bucket - User and Permissions

Details of how I configured our AWS Account to interact with BeeFree

BeeFree.io's documentation reference: https://help.beefree.io/hc/en-us/articles/212522605-Configuring-your-own-AWS-S3-bucket-to-work-with-BEE-Plugin

Create a separate IAM User and Custom Policy

A dedicated user with a narrowly scoped policy limits the impact if the keys are leaked, because the keys only grant access to this one bucket.

Create the Policy

In the AWS Console, go to IAM -> Policies and click Create Policy. I named my policy BeeFreeS3Access. It will be easiest to just edit the JSON directly. NOTE: Change the value of BUCKET_NAME to your bucket.

NOTE: The BeeFree docs say you only need read/write permission, but you also need the ListBucket permission so the editor can show you the files available to use.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BeeFreePermissions",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::BUCKET_NAME",
                "arn:aws:s3:::BUCKET_NAME/*"
            ]
        }
    ]
}

Create the User and Attach to the Policy

Create a new user. Make sure to select Programmatic access to get the keys, and do not select AWS Management Console access.

On the next screen, select Select Existing Policies Directly and choose the policy you created above by name.

On the next screen, download the credentials for this user. You will need these later.

Create the Bucket

If you haven't already created the bucket, go ahead and do so. Do not add any special or public availability options.

Once the bucket is created, in the AWS Console, select that bucket and click on the Permissions tab.

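Now click on Bucket Policy and add the following. This will grant public read-only access to the objects in the bucket: anyone can fetch an object, but the policy allows nothing else to anonymous callers.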

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadForGetBucketObjects",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::BUCKET_NAME/*"
        }
    ]
}

Now Set Up BeeFree from the Developer Console

A screenshot is attached to this Gist. Fill in the appropriate bucket name, ACCESS_KEY and SECRET_KEY.

The Images and Thumbnail paths should just be the name, without any leading or trailing /.

Test from the developer console.

You should have a successful test following these instructions.

Things to watch out for

  • copy/pasting an extra space in any of the fields.
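
An offline check for the two policies above, as an added example that is not part of the original gist: it confirms the IAM user policy and the public bucket policy grant only the actions shown on this page, only on your bucket, and that no BUCKET_NAME placeholder or pasted whitespace is left in a resource. The bucket name `example-bee-assets` and the function names are assumptions made for the example.

```python
import json

# Lower-cased because IAM matches action names case-insensitively.
USER_ACTIONS = {"s3:putobject", "s3:getobject", "s3:listbucket"}
PUBLIC_ACTIONS = {"s3:getobject"}

def as_list(value):
    """Action and Resource may each be a single string or a list."""
    return value if isinstance(value, list) else [value]

def is_anonymous(stmt):
    """True when Principal is everyone: "*" or {"AWS": "*"}."""
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def audit(policy_text, bucket):
    """Return findings for one policy document; an empty list means clean."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for stmt in as_list(json.loads(policy_text)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid, anonymous = stmt.get("Sid", "?"), is_anonymous(stmt)
        allowed = PUBLIC_ACTIONS if anonymous else USER_ACTIONS
        for action in as_list(stmt.get("Action", [])):
            if action.lower() not in allowed:  # also catches wildcards
                findings.append(f"{sid}: unexpected action {action!r}")
        for res in as_list(stmt.get("Resource", [])):
            if res != res.strip():
                findings.append(f"{sid}: stray whitespace in {res!r}")
            elif "BUCKET_NAME" in res:
                findings.append(f"{sid}: placeholder not replaced in {res!r}")
            elif res not in (bucket_arn, bucket_arn + "/*"):
                findings.append(f"{sid}: resource outside bucket {res!r}")
            elif anonymous and res == bucket_arn:
                findings.append(f"{sid}: anonymous grant on the bucket itself")
    return findings

# Constructed sample: the page's bucket policy with two mistakes introduced.
SAMPLE_BAD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadForGetBucketObjects", "Effect": "Allow",
    "Principal": "*", "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": "arn:aws:s3:::example-bee-assets/* "}]})

if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD, "example-bee-assets"):
        print(finding)
```

Paste each policy's JSON into a string and pass it to `audit` together with your bucket name before saving it in the console.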