AWS S3

S3 newbie setup instructions - AWS S3

S3 newbie setup instructions

by Walther » Tue Oct 10, 2017 3:04 pm

Totally new to Amazon S3 services, this extension is unworkable.

Just referring to some amazon docs is not going to cut it and will keep this extension low profiled and the user baffled with information overload. :shock:
(especially if English is not the native language of the user using (or wanting to use) this extension)

An instruction, including how to make an user and assign a good policy-group for this extension is a -must-, that is, if the developer wants the user of this extension as enthusiastic as he himself is.

Till then:
- Local filesystems are dead. nope
- Remote filesystems are the future. not for the average John Doe
- Cloud is the new normal. not for the average John Doe
- Death to the monolith! náh...at least it works without a NASA training in ICT (or so it feels)!


Would love to go with this extension, but not if it contains 5 full days of studying and trial-&-error pasting of access keys and so on, still no working extension and not even sure anymore if all is save/secure on the S3 ; :( eyes are burning and have a day job (and life) too.
phpBB 3.3.10 -- PHP 7.4.33 -- CentOs7 vps
User avatar
Walther
Registered User
Posts: 301
Joined: Fri Jul 09, 2004 5:21 pm
Location: The Netherlands

Re: S3 newbie setup instructions

by austin881 » Wed Oct 11, 2017 2:19 pm

Sorry you're having troubles; I can certainly understand your frustration with the steep learning curve of AWS and S3 especially. The intention of the this extension is not necessarily to teach you how to use remote filesystems like S3, it assumes a degree of previous knowledge of AWS. Perhaps I should have been more clear in the description of this extension, it assumes you are already familiar with S3 and you are already running workloads on the AWS cloud.

With all that said, I know S3 pretty well and would be happy to offer assistance in that regard. Is there a specific question you have or a particular area you are struggling with? Would an S3 bucket policy example help you?
Available for paid phpBB help! PM me.

My Extensions/MODS: 475 Narius Categorized Smilies for phpBB3, Simplified & Compacted All-Members page, Flash Animated Cumulus Tag Cloud, "Hello" Name Tag of Newest User, AWS S3
phpBB portfolio: chevy truck forum, chevy astro van forum
User avatar
austin881
Registered User
Posts: 287
Joined: Wed Jan 30, 2008 9:58 pm
Location: Texas, USA
Name: Austin Maddox

Re: S3 newbie setup instructions

by Walther » Wed Oct 11, 2017 5:31 pm

I think a S3 policy example would be very helpfull, if not for me then at least for other users who want to enable the force-of-the-cloud :)

Also: what with attachments which are already posted before this extension is installed and enabled?
Is there a possibility to mass-upload/sync them straight from the server running the phpbb forum, and setting the right permissions to the files?
phpBB 3.3.10 -- PHP 7.4.33 -- CentOs7 vps
User avatar
Walther
Registered User
Posts: 301
Joined: Fri Jul 09, 2004 5:21 pm
Location: The Netherlands

Re: S3 newbie setup instructions

by austin881 » Fri Oct 13, 2017 9:27 pm

Sample S3 policy...

Code: Select all

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:ListAllMyBuckets",
                "s3:ListBucket",
                "s3:PutObject",
                "s3:PutObjectACL"
            ],
            "Resource": [
                "arn:aws:s3:::yourbucketname",
                "arn:aws:s3:::yourbucketname/*"
            ]
        }
    ]
}
An even more permissive policy, should you just want to open up all actions on a particular bucket...

Code: Select all

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::yourbucketname",
                "arn:aws:s3:::yourbucketname/*"
            ]
        }
    ]
}
These could be applied directly as a "Bucket policy" in S3, or you can create a more general IAM policy for an IAM user or role.

At this time this extension does not help with existing attachments. A mass-upload/sync tool would likely need to be an additional stand-alone extension.
Available for paid phpBB help! PM me.

My Extensions/MODS: 475 Narius Categorized Smilies for phpBB3, Simplified & Compacted All-Members page, Flash Animated Cumulus Tag Cloud, "Hello" Name Tag of Newest User, AWS S3
phpBB portfolio: chevy truck forum, chevy astro van forum
User avatar
austin881
Registered User
Posts: 287
Joined: Wed Jan 30, 2008 9:58 pm
Location: Texas, USA
Name: Austin Maddox

Re: S3 newbie setup instructions

by Walther » Sat Oct 14, 2017 5:20 pm

thanks, i'm gonna give it a shot, think i gave the bucket user full-admin-rights now :oops:
austin881 wrote: At this time this extension does not help with existing attachments. A mass-upload/sync tool would likely need to be an additional stand-alone extension.
hmm, maybe a 'fallback' system then.
If file not found in S3 bucket, then fall back to the forum/files map (so the attachments keep working) and upload the attachments shown to the S3 bucket so they'll will be found the next time the thread or posting is shown. :idea:
It kinda automatically syncs the S3 bucket over time, nice and easy :)
phpBB 3.3.10 -- PHP 7.4.33 -- CentOs7 vps
User avatar
Walther
Registered User
Posts: 301
Joined: Fri Jul 09, 2004 5:21 pm
Location: The Netherlands

Re: S3 newbie setup instructions

by dinukaj » Mon Aug 05, 2019 3:41 am

Iam running my phpbb forum on an ec2 instance and I have installed the S3 plugiin.
Is there a way of using the IAM role attached to the ec2 instance to access the s3 bucket or do we have to generate a pair of keys and configure the s3
I prefer using the Iam role attached to the ec2 instance to authenticate with s3
dinukaj
Registered User
Posts: 1
Joined: Mon Aug 05, 2019 3:33 am

Re: S3 newbie setup instructions

by austin881 » Wed Aug 07, 2019 7:25 pm

That is an interesting idea, dinukaj. This extension would need to be modified to use the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from environment variables instead of from the database. The EC2 instance role should have the AWS creds in the environment variables. Shouldn't be too difficult to accomplish, really. If env vars exist, use them, else, get them from the database.

Interested in submitting a Pull Request? :D :geek:
Available for paid phpBB help! PM me.

My Extensions/MODS: 475 Narius Categorized Smilies for phpBB3, Simplified & Compacted All-Members page, Flash Animated Cumulus Tag Cloud, "Hello" Name Tag of Newest User, AWS S3
phpBB portfolio: chevy truck forum, chevy astro van forum
User avatar
austin881
Registered User
Posts: 287
Joined: Wed Jan 30, 2008 9:58 pm
Location: Texas, USA
Name: Austin Maddox