Amazon AWS NOP

From Prodigix Wiki

Adding Amazon S3 Bucket:
-Go to aws.amazon.com and log in using Amazon credentials.
-Once logged in, go to "Services" and click "S3" under the "Storage" section.
-Click "Create Bucket". NOTE: There will be 3 buckets to create.
-Set "Bucket name" to "pdx-(companyname)-store-1", replacing "(companyname)". NOTE: The company name must be the full company name displayed by the "pdxcoresettings.companyname" setting.
-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".
-Disable "Block all public access".
-Click "Create Bucket".

-Select the new bucket.
-Create a new folder called "backofficemedia".


-You will need to create a second bucket.

-Click "Create Bucket".

-Set "Bucket name" to "pdx-(companyname)-productimages", replacing "(companyname)".

-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".

-Disable "Block all public access".

-Click "Create Bucket".


-You will need to create a third bucket.

-Click "Create Bucket".

-Set "Bucket name" to "pdx-(companyname)-customer-images", replacing "(companyname)".

-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".

-Disable "Block all public access".

-Click "Create Bucket".


-In all the buckets you will want to edit and apply both the Bucket Policy and CORS.
-Click the "Permissions" tab.
-Click the "Edit" button in the "Bucket Policy" section.
-Copy and paste the following policy. Replace "(companyname)".

NOTE: Make sure to include both { } brackets
{

   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "PublicReadGetObject",
           "Effect": "Allow",
           "Principal": "*",
           "Action": [
               "s3:GetObject",
               "s3:ListBucket"
           ],
           "Resource": [
               "arn:aws:s3:::pdx-(companyname)-store-1/*",
               "arn:aws:s3:::pdx-(companyname)-store-1"
           ]
       }
   ]

}

-Save the new policy.
-Click the "Edit" button in the "Cross-origin resource sharing (CORS)" section.
-Copy and paste the following CORS policy.

NOTE: Make sure to include both [ ] brackets
[

   {
       "AllowedHeaders": [
           "*"
       ],
       "AllowedMethods": [
           "GET",
           "PUT",
           "POST",
           "DELETE"
       ],
       "AllowedOrigins": [
           "*"
       ],
       "ExposeHeaders": [],
       "MaxAgeSeconds": 3000
   }

]

-Save the new CORS policy.
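
Added example (not part of the original wiki page): a Python check to run over the bucket policy and CORS rule above before pasting them into each bucket. It flags Resource ARNs that do not belong to the bucket being edited, anonymous grants other than s3:GetObject, and wildcard-origin CORS rules that allow write methods. The function names and the company name "acme" are assumptions made for the example.

```python
import json

# Constructed sample: the page's bucket policy and CORS rule, with
# "(companyname)" replaced by the made-up company name "acme".
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::pdx-acme-store-1/*",
                 "arn:aws:s3:::pdx-acme-store-1"]
  }]
}""")
CORS = json.loads("""[{
  "AllowedHeaders": ["*"], "AllowedMethods": ["GET", "PUT", "POST", "DELETE"],
  "AllowedOrigins": ["*"], "ExposeHeaders": [], "MaxAgeSeconds": 3000
}]""")

def as_list(value):
    return value if isinstance(value, list) else [value]  # a lone string is allowed

def is_public(principal):
    # Anonymous access is written as "*" or {"AWS": "*"}.
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def audit_policy(policy, bucket):
    """Return findings for a bucket policy that will be attached to `bucket`."""
    findings, arn = [], "arn:aws:s3:::" + bucket
    for st in as_list(policy.get("Statement", [])):
        sid = st.get("Sid", "<no Sid>")
        for res in as_list(st.get("Resource", [])):
            if res != arn and not res.startswith(arn + "/"):
                findings.append(f"{sid}: Resource {res} is outside bucket {bucket}")
        if st.get("Effect") == "Allow" and is_public(st.get("Principal")):
            for action in as_list(st.get("Action", [])):
                if action.lower() != "s3:getobject":
                    findings.append(f"{sid}: anonymous principal is granted {action}")
    return findings

def audit_cors(rules):
    """Flag CORS rules that pair a wildcard origin with write methods."""
    findings = []
    for i, rule in enumerate(rules):
        writes = sorted({"PUT", "POST", "DELETE"} & set(rule.get("AllowedMethods", [])))
        if "*" in rule.get("AllowedOrigins", []) and writes:
            findings.append(f"rule {i}: any origin may send {', '.join(writes)}")
    return findings
```

Anonymous s3:ListBucket lets anyone enumerate every object key in the bucket, which fetching an object by its URL does not require. The CORS rule does not grant access by itself (S3 still authorizes each request), but a wildcard origin with PUT, POST and DELETE lets a script on any site send those requests from a visitor's browser.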



Adding Amazon S3 IAM Users:
-Go to aws.amazon.com and log in using Amazon credentials.
-Once logged in, go to "Services" (top left next to the search bar) and click "IAM" under the "Security, Identity, & Compliance" section.
-Click "Users" on the left hand menu, then click "Add Users".
-Set the username as "nop-admin" and select the "Access key" AWS access type, then click the "Next: Permissions" button on the bottom.
-Click "Attach existing policies directly", then click "Create policy".
-Click the "JSON" tab and replace the default text with the following policy. Replace "(companyname)".

{

   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "NopAdministratorAccessPolicy",
           "Effect": "Allow",
           "Action": [
               "s3:GetObject",
               "s3:ListBucket",
               "s3:PutObject"
           ],
           "Resource": [
               "arn:aws:s3:::pdx-(companyname)-store-1/*",
               "arn:aws:s3:::pdx-(companyname)-store-1"
           ]
       }
   ]

}

-Click "Next: Tags", then click "Next: Review".
-Set the name field as "NopAdministratorAccess" and click "Create Policy".
-Go back to the add user page, refresh the table, and search for the "NopAdministratorAccess" policy and select it.
-Click "Next: Tags", then click "Next: Review".
-Both the Access key and the Secret key should be viewable, but if not you'll need to download the CSV to get the keys.
-Go to the client's "Settings" SQL Server table.
-Execute the following queries after replacing "(accesskey)" and "(secretkey)" with their respective key values.

You will also need to update additional keys: in the Admin section, go to Configuration --> Settings --> All Settings and search for "Secret" and "Access".

Update the company name in All Settings; this company name will be the same name you used for the S3 bucket setup.

There will be 6 in total to update, including the 2 in the update statements below.

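-- Replace (accesskey) with the access key; keep the single quotes.
UPDATE Setting SET
Value = '(accesskey)'
WHERE Name = 'pdxbackofficesettings.adminaccesskey'
AND StoreId = 0;

-- Replace (secretkey) with the secret key; keep the single quotes.
UPDATE Setting SET
Value = '(secretkey)'
WHERE Name = 'pdxbackofficesettings.adminsecretkey'
AND StoreId = 0;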

After saving all the settings, you will need to create a user group in the IAM --> User Groups area.

Name the group "NopUsers", add the user "nop-admin", attach the policy called "NopAdministratorAccess", then create the group.


Adding Amazon CloudFront distributions:
-Go to aws.amazon.com and log in using Amazon credentials.
-Once logged in, go to "Services" (top left next to the search bar) and click "CloudFront" under the "Networking & Content Delivery" section.
-Click "Create distribution".
-Set Origin domain to the bucket you are creating the distribution for. (This should automatically update the Name field to match, but if it doesn't, copy the Origin domain value to Name.)
-Set Viewer protocol policy to "Redirect HTTP to HTTPS".
-Click "Create Distribution".