AWS Configuration

If you want to connect to S3 or DynamoDB, you need to do a few things in AWS first:

Create a new IAM user

Go to IAM and create a new user; Internal will connect through this user account. Give it a name that reflects what it's for (e.g. "internal-s3-uploader" or "internal-app"). If you want to connect both S3 and DynamoDB, you can use a single user account (just make sure it has both S3 and DynamoDB permissions).

Set the access type to "Programmatic access" only.

On the next page, you'll grant permissions to this user.

For S3: You can give it full S3 permissions (fastest way) or create a new policy for this user that will further restrict access.

For DynamoDB: You can use the following policy to give the appropriate permissions.

Configure CORS (S3 only)

To use the S3 file upload component and allow file uploads from a web browser, complete the following steps.

  1. Log into the AWS Management Console.
  2. Click Services and select S3.
  3. Choose the bucket on which to enable CORS.
  4. In the right-hand panel, click Permissions.
  5. Click Edit CORS Configuration.
  6. Enter this JSON and click Save Changes.
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://secure.internal.io"
        ],
        "ExposeHeaders": [
            "x-amz-server-side-encryption",
            "x-amz-request-id",
            "x-amz-id-2"
        ],
        "MaxAgeSeconds": 3000
    }
]
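
A check for the CORS rules above, added here as an example and not part of Internal's own documentation or code: it flags wildcard origins, non-HTTPS origins and origins other than the one you expect. The function name `audit_cors`, the `LOOSE_CORS` sample and the wording of the findings are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

# The CORS rules shown on this page, embedded so the check runs offline.
PAGE_CORS = json.loads("""
[{"AllowedHeaders": ["*"],
  "AllowedMethods": ["GET"],
  "AllowedOrigins": ["https://secure.internal.io"],
  "ExposeHeaders": ["x-amz-server-side-encryption", "x-amz-request-id", "x-amz-id-2"],
  "MaxAgeSeconds": 3000}]
""")

# Constructed counter-example: rules loosened while debugging and never tightened.
LOOSE_CORS = [{"AllowedHeaders": ["*"],
               "AllowedMethods": ["GET", "PUT", "DELETE"],
               "AllowedOrigins": ["*", "http://secure.internal.io"]}]

WRITE_METHODS = {"PUT", "POST", "DELETE"}


def audit_cors(rules, expected_origins):
    """Return (rule_index, finding) tuples for an S3 CORS rule list."""
    findings = []
    for i, rule in enumerate(rules):
        wildcard = False
        for origin in rule.get("AllowedOrigins", []):
            if "*" in origin:
                # S3 accepts "*" alone or one "*" inside an origin pattern.
                wildcard = True
                findings.append((i, f"wildcard origin {origin!r}"))
            elif urlsplit(origin).scheme != "https":
                findings.append((i, f"non-HTTPS origin {origin!r}"))
            elif origin not in expected_origins:
                findings.append((i, f"unexpected origin {origin!r}"))
        writes = sorted(WRITE_METHODS & set(rule.get("AllowedMethods", [])))
        if wildcard and writes:
            findings.append((i, f"{'/'.join(writes)} allowed from a wildcard origin"))
    return findings


if __name__ == "__main__":
    for name, rules in (("page", PAGE_CORS), ("loose", LOOSE_CORS)):
        for idx, finding in audit_cors(rules, {"https://secure.internal.io"}):
            print(f"{name} rule {idx}: {finding}")
```

For a live bucket, pass the `CORSRules` list returned by `aws s3api get-bucket-cors`.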

Get credentials

Finally, you'll need the credentials for this IAM user: the access key ID and secret access key. For more information on how to get these credentials, visit the Amazon page here.

S3 Bucket Listing and User Policies

To allow read-only access to S3 buckets that are strictly controlled, you'll need to add a policy explicitly allowing "list" access for the AWS users you'll use via Internal. The config looks like this: