/
AWS Configuration

AWS Configuration

If you want to connect to S3 or DynamoDB, you need to do a few things in AWS first:

Create a new IAM user

Go to IAM and create a new user - Internal will connect through this user account. Give it a name that reflects what it's for (Ex: "internal-s3-uploader" or "internal-app"). If you want to connect both S3 and DynamoDB, you can do it on a single user account (just make sure it has both S3 and DynamoDB permissions).

Set the access type to "Programmatic access" only.

On the next page, you'll grant permissions to this user.

For S3: You can give it full S3 permissions (fastest way) or create a new policy for this user that will further restrict access.

For DynamoDB: You can use the following policy to give the appropriate permissions.

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Sid": "Items",
           "Effect": "Allow",
           "Action": [
               "dynamodb:PutItem",
               "dynamodb:DescribeTable",
               "dynamodb:DescribeGlobalTable",
               "dynamodb:DeleteItem",
               "dynamodb:GetItem",
               "dynamodb:Scan",
               "dynamodb:Query",
               "dynamodb:UpdateItem"
           ],
           "Resource": "arn:aws:dynamodb:*:*:*"
       },
       {
           "Sid": "Tables",
           "Effect": "Allow",
           "Action": [
               "dynamodb:ListGlobalTables",
               "dynamodb:ListTables"
           ],
           "Resource": "*"
       }
   ]
}

Configure CORS (S3 only)

In order to use the S3 file upload component and allow file uploads from a web browser, you need to do the following steps.

Open up the S3 bucket --> Permissions tab and then click CORS configuration. Paste in the code below:

<?xml version="1.0" encoding="UTF-8"?>
<corsconfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"></corsconfiguration>
<corsrule></corsrule>
   <allowedorigin>https://*.internal.io</allowedorigin>
   <allowedmethod>PUT</allowedmethod>
   <allowedmethod>POST</allowedmethod>
   <allowedmethod>DELETE</allowedmethod>
   <allowedheader>*</allowedheader>

<corsrule></corsrule>
 <allowedorigin>*</allowedorigin>
 <allowedmethod>GET</allowedmethod>

Get credentials

Finally, you'll need to get the credentials needed for this IAM user - the access key ID and secret access key. To get more information on how to get these credentials, visit the Amazon page here.