===== S3 storage =====

==== Configuration ====

PMA.core is one of the few vendors that [[https://www.prweb.com/releases/pathomation_announces_support_for_cloud_storage_and_file_transfer_protocol_ftp_servers/prweb18296771.htm|supports cloud storage natively]]. 

Let's say that you have an S3 bucket and put slides in it:

{{ ::rootdir_s3_10.png?direct&400 |}}

To protect access, you should create a dedicated entity that can only access that content.

{{ ::rootdir_s3_20.png?direct&400 |}}

You can then create a pair of dedicated access / secret keys for the new entity:

{{ :rootdir_s3_30.png?direct&400 |}}

These keys are then used to configure the S3 mounting point at the PMA.core side:

{{ :rootdir_s3_40.png?direct&400 |}}

The mounting point only functions when the provided credentials are still active on the S3 storage side. If not, an error message ensues:

{{ :rootdir_s3_50.png?direct&400 |}}

If all is well, you can now browse your slides directly from your S3 content.

{{ :rootdir_s3_60.png?direct&400 |}}

==== IAM AWS Role policies ====

As of version 3.1, PMA.core also supports IAM AWS Role policies. An EC2 Instance with the appropriate IAM Role that provides access to any S3 Resource (as described in [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html|
IAM Roles for EC2]] is required. 

In this EC2 Instance any PMA.core 3.1 instance assumes this IAM Role for any requests to Amazon S3. Specifically  you can add new [[rootdir|Amazon S3 Root Directory]] leaving the **access key and the secret Key empty**. Any requests to Amazon S3 will be automatically authenticated via the IAM Role that the EC2 instance has, and provide access like normal

==== See also ====

[[rootdir_security|Root directory security overview]]