Private S3 Connection

You may configure your own connection to an AWS S3 bucket where your generated report data will be stored.

To set this up, the following information is necessary:

  • User Access Key ID
  • Access secret
  • S3 bucket name
  • Region
  • Expiration Limit (in hours) for the Presigned URL - a value between 1 and 168

Create a IAM role in AWS

First, create a new IAM role with “programmatic access” and “AmazonS3FullAccess” permission.

Note down the users Access Key ID and Secret.

Configure the bucket in AWS

  • Create an AWS S3 bucket in a region of your choice.
  • Enable AES256 encryption
  • Assign the following permission to the previously created user:
  • Objects: Read/Write permission
  • Object permission: Read/Write permission
  • Add the following information to your S3 bucket policy (replace “your_bucket_name” with your actual bucket name):
{
    "Version": "2012-10-17",
    "Id": "PushMetricsS3BucketPolicy",
    "Statement": [
        {
            "Sid": "AllowEKSAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::133737826969:user/pushmetrics"
            },
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::test-private-bucket-pm/*",
                "arn:aws:s3:::test-private-bucket-pm"
            ]
        }
    ]
}