☁️Use AWS S3

Prerequisites:

Creating your bucket and configuring access:

  1. Log in to the AWS Console

  2. In the AWS Console search "S3" and select the S3 service

  3. Enter a Bucket Name and select an AWS region

  4. Leave Object Ownership as (ACLs disabled)

Depending on your use case you may want the NFT metadata to be private but, for most use cases you will want the data to be publicly available.

  1. If you want the metadata and assets to be publicly available uncheck "Block all public access" and check the acknowledgement confirming you are aware that objects will be public as such:

  1. For most use cases you can leave bucket versioning disabled

  2. Add a Tag to easily identify a bucket when organizing them or tracking costs:

  1. For most use cases, you can disable Bucket encryption as such:

  1. Open the newly created bucket by clicking on the bucket name

  2. Open the "Permissions" tab

  3. Find the "Bucket policy" section and select Edit

The next step will configure all objects in the created bucket to be publicly accessible with read permissions.

Be sure you want this for your particular use case

  1. Enter the following bucket policy (Replace "BUCKET-NAME" with your bucket name)

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicRead",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:GetObjectVersion",
                "s3:GetObjectVersionAcl"
            ],
            "Resource": "arn:aws:s3:::BUCKET-NAME/*"
        }
    ]
}

The bucket contents are now publicly available.

Next, we will create a new IAM User with the appropriate permissions to access the bucket programmatically

  1. In the AWS Console, Search "IAM" and select the "IAM" service

  2. On the left side, Select Users

  3. Enter a username and click Next

  4. Select Add user to group and create a group

  1. Provide a group name for the project and press Create user group.

  2. Now check the newly created user group and press next.

  1. Review the user details and confirm the user was added to the group and click create user.

  2. On the left side navigate to User groups

  3. Select the newly created user group and navigate to the "Permissions" tab

  4. From the dropdown on the right labeled Add permissions, Select Create inline policy

  5. Select the tab labeled JSON and add the following policy to the group:

REPLACE "YOUR-BUCKET-NAME" with the name of your s3 bucket

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3ObjectAccess",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME/*",
                "arn:aws:s3:::YOUR-BUCKET-NAME"
            ]
        }
    ]
}
  1. Select Review Policy

  2. Enter a name for this policy and review that the policy has list, read and write access to S3.

  3. Click Create policy

  4. Now Navigate back to 'Users' and select the user you created.

  5. Click on the tab labeled "Security Credentials"

  1. Scroll down to Access keys and select "Create access key"

  1. Select "Application running outside AWS and press next

  1. Provide a description tag to easily identify this key later and click create Access Key

  2. Make a copy of your access key and secret to integrate into X-Tokenize

Be sure to store your access key and secret in a safe place or you can risk the integrity of your AWS account and your metadata.

FINISHED!

Last updated