How to create S3 storage in AWS to be used with Mosaic services

Storage with AWS S3

This guide describes how to create a bucket in Amazon S3. You can use the bucket with Axinom Encoding as an input and/or output storage.

To create an AWS bucket:

  1. On the s3 AWS Console, click create bucket.

    aws create bucket
    Figure 1. Start creating a bucket
  2. During the bucket creation you should use unique name, proper AWS region and deselect all Block all public access, agree the acknowledge of the public access and create the bucket.

    aws create bucket initial
    Figure 2. Bucket initial settings
  3. Created bucket is not public yet. To make it properly accessed: open the bucket, go to permissions and click Edit in Bucket policy section

    aws bucket permissions
    Figure 3. Bucket permissions
  4. Add a new policy. The json to be added:

        "Version": "2012-10-17",
        "Statement": [
                "Sid": "PublicReadGetObject",
                "Effect": "Allow",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": "{bucket_arn}/*"

    Use Bucket ARN in the Resource. And if there is no any Errors, push Save changes.

    aws bucket policy
    Figure 4. Bucket policy
  5. As a result bucket should have Publicly accessible tag

    aws bucket public
    Figure 5. Bucket permissions
  6. To make it available for a player usage Cross-origin resource sharing (CORS) has to be updated in the corresponded section under bucket permissions. Allowed Origins should contain list of the players URL which are ging to use the bucket. Save changes.

    aws bucket cors
    Figure 6. Bucket CORS
  7. Once the bucket is ready, additional user with correct access should be added in Amazon, which credential are needed to set up the Acquisition Profile. Go to Identity and Access Management (IAM)UsersAdd users

    aws iam users
    Figure 7. IAM Add User
  8. Create User with proper permissions. Type User name and select Access key - Programmatic access

    aws iam set user details
    Figure 8. IAM Set user details

    Set permissions to the user by `Attach existing policies directly`and then Create policy

    aws iam attach policy
    Figure 9. IAM Create Policy

    Use Json editor and copy paste the object with Previously created pubic bucket name:

        "Version": "2012-10-17",
        "Statement": [
                "Sid": "AccessForEncoding",
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::{previously_created_public_bucket_name}"
    aws iam create policy json
    Figure 10. IAM create policy

    Add any tag if needed. We suggest adding some for the more convenient management in future.

    aws iam policy tag
    Figure 11. IAM create policy

    Check the necessary info about the new policy, name it properly (understandable name) and create a new policy. Once it’s created check that access of the policy is correct.

    aws iam policy finish creation
    Figure 12. IAM Finish the creation
    aws policies check
    Figure 13. IAM double check the created policy
  9. Continue with a new user creation and select new created policy after refresh the list of locies.

    aws iam select created policy
    Figure 14. IAM new user select policy
  10. Add any tag if needed. We suggest adding some for the more convenient management in future.

    aws iam user tags
    Figure 15. IAM user tags
  11. Review New User and push Create user

    aws iam user review
    Figure 16. IAM user review

    As a result you will get user’s credentials. Both Access key ID and Secret access key should be copied and used for the Acquisition Profile setup.

    Secret Access Key is not be visible once the page will be closed. Store it securely for the further usage.
    aws iam user creds
    Figure 17. IAM user credentials