BeeFree.io's documentation reference: https://help.beefree.io/hc/en-us/articles/212522605-Configuring-your-own-AWS-S3-bucket-to-work-with-BEE-Plugin
This will add security and limit the impact in case keys are leaked.
In the AWS Console, go to IAM -> Policies and click Create Policy. I named my policy BeeFreeS3Access
.
It will be easiest to just edit the JSON directly. NOTE: Change the value of BUCKET_NAME
to your bucket.
NOTE The BeeFree docs say you only need read/write permission but you also need ListBucket
permissions so the editor can show you files available to use.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "BeeFreePermissions",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::BUCKET_NAME",
"arn:aws:s3:::BUCKET_NAME/*"
]
}
]
}
Create a new user, make sure to select Programmatic access
to get the keys and do not select AWS Management Console access
.
On the next screen, select Select Existing Policies Directly
and choose the policy you created above by name.
On the next screen, download the credentials for this user. You will need this later.
If you haven't already created the bucket, go ahead and do so. Do not add any special or public availability options.
Once the bucket is created, in the AWS Console, select that bucket and click on the Permissions
tab.
Now click on Bucket Policy
and add the following. This will grant public read-only permissions.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "PublicReadForGetBucketObjects",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::BUCKET_NAME/*"
}
]
}
A screenshot is attached to this Gist. Fill in the appropriate bucket name, ACCESS_KEY and SECRET_KEY.
The Images and Thumbnail paths should just be the name without any leading or trailing /
You should have a successful test following these instructions.
Things to watch out for
- copy/pasting an extra space in any of the fields.