Amazon AWS NOP: Difference between revisions
| Line 2: | Line 2: | ||
-Go to aws.amazon.com and log in using Amazon credentials.<br/> | -Go to aws.amazon.com and log in using Amazon credentials.<br/> | ||
-Once logged in, go to "Services" and click "S3" under the "Storage" section.<br/> | -Once logged in, go to "Services" and click "S3" under the "Storage" section.<br/> | ||
-Click "Create Bucket".<br/> | -Click "Create Bucket". NOTE: There will be 3 buckets to create.<br /> | ||
-Set "Bucket name" to "pdx-(companyname)-store-1". replace "(companyname").<br/> | -Set "Bucket name" to "pdx-(companyname)-store-1". replace "(companyname").<br /> | ||
-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".<br/> | -Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".<br /> | ||
-Disable "Block all public access".<br/> | -Disable "Block all public access".<br /> | ||
-Click "Create Bucket".<br/> | -Click "Create Bucket".<br/> | ||
<br/> | <br/> | ||
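Review bot: The note added to the first "Create Bucket" step says there will be 3 buckets but does not name them, so at this point the reader only knows about "pdx-(companyname)-store-1"; list the three bucket names in the note. The note also multiplies the "ACLs enabled" and Disable "Block all public access" steps by three, so say whether every one of the three buckets needs both. Since the bucket-name line is being touched for the <br /> change anyway, fix replace "(companyname"). to Replace "(companyname)".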
| Line 24: | Line 24: | ||
-Click "Create Bucket". | -Click "Create Bucket". | ||
-In | |||
-You will need to create a third bucket. | |||
-Click "Create Bucket". | |||
-Set "Bucket name" to "pdx-(companyname)-customer-images". replace "(companyname"). | |||
-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred". | |||
-Disable "Block all public access". | |||
-Click "Create Bucket". | |||
-In all the buckets you will want to edit and apply both the Bucket Policy and CORS.<br /> | |||
-Click the "Permissions" tab.<br /> | -Click the "Permissions" tab.<br /> | ||
-Click the "Edit" button in the "Bucket Policy" section.<br /> | -Click the "Edit" button in the "Bucket Policy" section.<br /> | ||
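Review bot: The new line "In all the buckets you will want to edit and apply both the Bucket Policy and CORS" has the reader paste one policy into three buckets, but the policy shown on the page names only "pdx-(companyname)-store-1" in its Resource entries. Add a sentence telling the reader to change the bucket name in both Resource ARNs for each bucket, and do the same wherever the third bucket, "pdx-(companyname)-customer-images", needs its own copy.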
Revision as of 18:02, 20 February 2024
Adding Amazon S3 Bucket:
-Go to aws.amazon.com and log in using Amazon credentials.
-Once logged in, go to "Services" and click "S3" under the "Storage" section.
-Click "Create Bucket". NOTE: There will be 3 buckets to create.
-Set "Bucket name" to "pdx-(companyname)-store-1". Replace "(companyname)".
-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".
-Disable "Block all public access".
-Click "Create Bucket".
-Select the new bucket.
-Create a new folder called "backofficemedia".
-You will need to create a second bucket.
-Click "Create Bucket".
-Set "Bucket name" to "pdx-(companyname)-productimages". Replace "(companyname)".
-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".
-Disable "Block all public access".
-Click "Create Bucket".
-You will need to create a third bucket.
-Click "Create Bucket".
-Set "Bucket name" to "pdx-(companyname)-customer-images". Replace "(companyname)".
-Under "Object Ownership" select "ACLs enabled" and "Bucket owner preferred".
-Disable "Block all public access".
-Click "Create Bucket".
-In all the buckets you will want to edit and apply both the Bucket Policy and CORS.
-Click the "Permissions" tab.
-Click the "Edit" button in the "Bucket Policy" section.
-Copy and paste the following policy. Replace "(companyname)".
NOTE: Make sure to include both { } brackets
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::pdx-(companyname)-store-1/*",
        "arn:aws:s3:::pdx-(companyname)-store-1"
      ]
    }
  ]
}
-Save the new policy.
-Click the "Edit" button in the "Cross-origin resource sharing (CORS)" section.
-Copy and paste the following CORS policy.
NOTE: Make sure to include both [ ] brackets
[
  {
    "AllowedHeaders": [
      "*"
    ],
    "AllowedMethods": [
      "GET",
      "PUT",
      "POST",
      "DELETE"
    ],
    "AllowedOrigins": [
      "*"
    ],
    "ExposeHeaders": [],
    "MaxAgeSeconds": 3000
  }
]
-Save the new CORS policy.
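The bucket policy and CORS rules above are applied to all three buckets, so a pre-paste check is useful. The following is an added example, not part of the original page: it audits the page's two documents for each bucket and compares them with a narrower read-only policy. The company name "examplecorp", the function names, and the read-only variant are assumptions made for illustration.

```python
# Added example: audit the page's bucket policy and CORS rules before pasting.
# "examplecorp" is a constructed stand-in for "(companyname)".
BUCKETS = [f"pdx-examplecorp-{s}" for s in ("store-1", "productimages", "customer-images")]

def page_policy(bucket):
    # The page's policy with the bucket name substituted in both Resource ARNs.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": [f"arn:aws:s3:::{bucket}/*", f"arn:aws:s3:::{bucket}"]}]}

PAGE_CORS = [{"AllowedHeaders": ["*"], "AllowedMethods": ["GET", "PUT", "POST", "DELETE"],
              "AllowedOrigins": ["*"], "ExposeHeaders": [], "MaxAgeSeconds": 3000}]

def as_list(v):
    return v if isinstance(v, list) else [v]

def is_anonymous(principal):
    # "*" and {"AWS": "*"} both match any caller, authenticated or not.
    return principal == "*" or (isinstance(principal, dict)
                                and "*" in as_list(principal.get("AWS", [])))

def audit_policy(policy, bucket):
    """Findings for one bucket; Condition blocks are not evaluated."""
    findings, own = [], f"arn:aws:s3:::{bucket}"
    for st in as_list(policy.get("Statement", [])):
        sid = st.get("Sid", "(no Sid)")
        for arn in as_list(st.get("Resource", [])):
            if arn != own and not arn.startswith(own + "/"):
                findings.append(f"{sid}: {arn} is not in bucket {bucket}")
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        actions = {a.lower() for a in as_list(st.get("Action", []))}
        if actions & {"s3:listbucket", "s3:*", "*"}:
            findings.append(f"{sid}: anonymous callers can list every key")
        if actions - {"s3:getobject", "s3:listbucket"}:
            findings.append(f"{sid}: anonymous access beyond read")
    return findings

def audit_cors(rules):
    findings = []
    for i, rule in enumerate(rules):
        writes = sorted({"PUT", "POST", "DELETE"} & set(rule.get("AllowedMethods", [])))
        if "*" in rule.get("AllowedOrigins", []) and writes:
            findings.append(f"rule {i}: any origin allowed for {', '.join(writes)}")
    return findings

def read_only_policy(bucket):
    # Narrower variant (assumption: visitors only fetch objects by known URL).
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"}]}
```

Running audit_policy with the store-1 policy against one of the other bucket names reports the Resource mismatch that results from pasting the policy unchanged into the second or third bucket.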
Adding Amazon S3 IAM Users:
-Go to aws.amazon.com and log in using Amazon credentials.
-Once logged in, go to "Services" (top left next to the search bar) and click "IAM" under the "Security, Identity, & Compliance" section.
-Click "Users" on the left-hand menu, then click "Add Users".
-Set the username as "nop-admin" and select the "Access key" AWS access type, then click the "Next: Permissions" button on the bottom.
-Click "Attach existing policies directly", then click "Create policy".
-Click the "JSON" tab and replace the default text with the following policy. Replace "(companyname)".
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "NopAdministratorAccessPolicy",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::pdx-(companyname)-store-1/*",
        "arn:aws:s3:::pdx-(companyname)-store-1"
      ]
    }
  ]
}
-Click "Next: Tags", then click "Next: Review".
-Set the name field as "NopAdministratorAccess" and click "Create Policy".
-Go back to the add user page, refresh the table, and search for the "NopAdministratorAccess" policy and select it.
-Click "Next: Tags", then click "Next: Review".
-Both the Access key and the Secret key should be viewable; if not, you'll need to download the CSV to get the keys.
-Go to the client's "Settings" SQL Server table.
-Execute the following queries after replacing "(accesskey)" and "(secretkey)" with their respective key values.
-- The key values are string literals: keep the single quotes around them.
UPDATE Setting SET
    Value = '(accesskey)'
WHERE Name = 'pdxbackofficesettings.adminaccesskey'
    AND StoreId = 0;
UPDATE Setting SET
    Value = '(secretkey)'
WHERE Name = 'pdxbackofficesettings.adminsecretkey'
    AND StoreId = 0;
Adding Amazon CloudFront distributions:
-Go to aws.amazon.com and log in using Amazon credentials.
-Once logged in, go to "Services" (top left next to the search bar) and click "CloudFront" under the "Networking & Content Delivery" section.
-Click "Create distribution".
-Set Origin domain to the bucket you are creating the distribution for. (This should automatically update the Name field to match; if it doesn't, copy the Origin domain value to Name.)
-Set Viewer protocol policy to "Redirect HTTP to HTTPS".
-Click "Create Distribution".