Lowdefy
v3.17.2/Connections/Amazon S3/

Amazon S3

AWS S3 is a file or data storage solution, provided by Amazon Web Services. S3 does not work like a traditional file system, data is stored as objects in a collection of objects called a bucket. Objects can be read from S3 and stored in S3 using web requests. These objects can be public or private. You can read more here.

Lowdefy integrates with AWS S3 using presigned links. These are links that are authorized to give access to private objects, or that allow you to create new objects, and that expire after a certain amount of time. This allows you to upload or download directly from S3 from the browser.

A guide to creating and connecting to an S3 bucket is given at the bottom of this page.

Connections

Connection types:

  • AwsS3Bucket

AwsS3Bucket

The AwsS3Bucket connection is used to connect to a AWS S3 bucket. AWS S3 is the file storage solution provided by Amazon Web services.

Properties

  • accessKeyId: string: Required - AWS IAM access key id with s3 access.
  • secretAccessKey: string: Required - AWS IAM secret access key with s3 access.
  • region: string: Required - AWS region bucket is located in.
  • bucket: string: Required - S3 bucket name.
  • read: boolean: Default: true - Allow reads from the bucket.
  • write: boolean: Default: false - Allow writes to the bucket.

Examples

Read and writes on a bucket:
connections:
  - id: my_bucket
    type: AwsS3Bucket
    properties:
      accessKeyId:
        _secret: S3_ACCESS_KEY_ID
      secretAccessKey:
        _secret: S3_SECRET_ACCESS_KEY
      region: eu-west-1
      bucket: my-bucket-name
      write: true

Environment variables:

LOWDEFY_SECRET_S3_ACCESS_KEY_ID = AKIAIOSFODNN7EXAMPLE
LOWDEFY_SECRET_S3_SECRET_ACCESS_KEY = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Requests

Request types:

  • AwsS3PresignedGetObject
  • AwsS3PresignedPostPolicy

AwsS3PresignedGetObject

The AwsS3PresignedGetObject request is used to get a download link for an object in AWS S3. The link provided by this request can be opened using the Link action.

Properties

  • versionId: string: VersionId used to reference a specific version of the object.
  • expires: number: Number of seconds for which the policy should be valid.
  • key: string: Required - Key (or filename) under which object will be stored. If another file is saved with the same key, that file will be overwritten, so a random string in this field is probably needed.
  • responseContentType: string: Sets the Content-Type header of the response.
  • responseContentDisposition: string: Sets the Content-Disposition header of the response.

Examples

Download a pdf and open in a new tab:
requests:
  - id: my_file_link
    type: AwsS3PresignedGetObject
    connectionId: my_bucket_connection
    properties:
      key: pdf-filename-as4dacd.pdf
      responseContentType: application/pdf

        ...
        blocks:
          - id: getFileButton
            type: Button
            events:
              onClick:
                - id: open_file
                  type: Link
                  params:
                    url:
                      _request: my_file_link
                    newTab: true

AwsS3PresignedPostPolicy

The AwsS3PresignedPostPolicy request is used to create a policy that allows a file to be uploaded to AWS S3. This is used by a block like the S3Uploadbutton to upload a file.

Properties

  • acl: enum: Access control lists used to grant read and write access.
    • private
    • public-read
    • public-read-write
    • aws-exec-read
    • authenticated-read
    • bucket-owner-read
    • bucket-owner-full-control
  • conditions: object[] | string[][]: Conditions to be enforced on the request. An array of objects, or condition arrays. See here.
  • expires: number: Number of seconds for which the policy should be valid.
  • key: string: Required - Key (or filename) under which object will be stored. If another file is saved with the same key, that file will be overwritten, so a random string in this field is probably needed.

Examples

Upload a file with user filename and random id:
- id: my_post_policy
  type: AwsS3PresignedPostPolicy
  connectionId: my_bucket_connection
  properties:
    key:
      _nunjucks:
        template: uploads/{{filename}}-{{uid}}
        on:
          filename:
            _args: filename
          uid:
            _args: filename

Creating a bucket

Step 1 - Create an AWS account

Go to the AWS homepage and create an account if you don't already have one. you can find more information here.

Step 2 - Create an S3 bucket
  1. Once logged in, search for S3 in the search box.
  2. Click 'Create Bucket'
  3. Choose a name and AWS region for your bucket
  4. Continue creating the bucket with any extra settings is needed.
  5. Make sure the 'Block all public access' box is ticked if you don't want to allow public access.
  6. Click 'Create Bucket'
Step 3 - Set the CORS settings for your bucket

CORS, or Cross-Origin Resource Sharing is a security feature that is used to restrict web applications from accessing resources from different origins, or domain names. To allow your Lowdefy app to access the contents of the bucket, you need to add a CORS rule on the bucket that authorizes your app

  1. Click on you bucket.
  2. Click on the 'Permissions' tab.
  3. Click on the 'CORS Configuration' tab.
  4. Paste this configuration and save (Fill in your own Lowdefy domain name).
[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "*"
        ],
        "AllowedOrigins": [
            "https://YOUR_LOWDEFY_DOMAIN_HERE"
        ],
        "ExposeHeaders": []
    },
]
Step 4 - Create an IAM user

IAM is the AWS identity and access management system. This can be used to give very granular access permissions. We will create a programmatic user that has the rights to read and write objects in the Bucket.

  1. In the 'Services' dropdown in the header, search for 'IAM'.
  2. Click on 'Users' in the menu on the left.
  3. Click 'Add User'
  4. Choose a descriptive name for the user.
  5. Choose programmatic access and click next.
  6. Choose 'Attach existing policies directly'.
  7. Choose 'Create Policy'.
  8. Choose the JSON tab and paste the following (Fill in your own bucket name):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListObjectsInBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::YOUR_BUCKET_NAME_HERE"]
        },
        {
            "Sid": "AllObjectActions",
            "Effect": "Allow",
            "Action": "s3:*Object",
            "Resource": ["arn:aws:s3:::YOUR_BUCKET_NAME_HERE/*"]
        }
    ]
}
  1. Choose review policy and save.
  2. In your previous tab, refresh and search for the policy you just created. Attach it to the user.
  3. Click next, review and create the user.
  4. Set the access key id and secret access key in your Lowdefy secrets store.