Configure the DAM JCR S3 submodule
To store asset binaries in S3, configure the DAM JCR S3 module to connect Magnolia to your AWS S3 bucket.
Asset metadata is stored in the dam
JCR workspace.
This is a technical preview of version To learn more or to request access for testing, contact us at dam5.feedback@magnolia-cms.com. |
To configure the module, you must:
-
Install the required module versions.
-
Set up AWS IAM policy permissions.
-
Provide connection credentials for AWS S3.
Prerequisites
Make sure you have at least the following modules installed:
-
dam
5.0.0-beta1
, including thedam-jcr-s3
submodule -
Optional:
image-recognition
3.0.0-beta1
AWS IAM Policy
Make sure that you have acquired appropriate permissions for the service in the AWS IAM Management Console.
Minimum required permissions
To use Magnolia DAM with AWS S3, the following permissions are required.
-
s3:GetObject
-
s3:PutObject
-
s3:DeleteObject
-
s3:HeadObject
-
s3:CopyObject
For more information about these permissions, see the Amazon documentation Actions defined by Amazon S3 page.
Your S3 bucket must have versioning enabled. For more information, see the Amazon documentation Enabling versioning on buckets page. |
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowS3Operations",
"Effect": "Allow",
"Action": [ (1)
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject",
"s3:HeadObject",
"s3:CopyObject",
],
"Resource": "*"
}
]
}
1 | Grant access for the S3 bucket and object-level permissions. |
Configure the dam-jcr-s3
module
Decorate the module configuration to add the following properties to the dam-jcr-s3/config.yaml
file:
dam.core.binary.strategy=s3 (1)
dam.core.binary.s3.bucket-name=<your-S3-bucket-name> (2)
dam.core.binary.s3.region=<your-s3-region> (3)
dam.core.binary.s3.access-key=<your-access-key> (4)
dam.core.binary.s3.secret-key=/<your-secret-key> (4)
1 | The binary storage strategy you want to implement, in this case s3 (note the lower case s). |
2 | The name of the S3 bucket where you store your asset binaries. Make sure the bucket you use has versioning enabled. |
3 | A label designating a regional endpoint to which the image recognition service connects, such as eu-central-1 .
For a list of available regions and labels, see AWS: Regional endpoints. |
4 | Specific AWS credentials. See the AWS credentials section below. |
AWS credentials
Credentials consist of:
-
AWS access key ID
-
AWS secret access key
You can provide specific AWS credentials to connect AWS to Magnolia DAM.
dam.core.binary.s3.access-key=<your-access-key>
dam.core.binary.s3.secret-key=/<your-secret-key>
To generate keys, go to the the security credentials section of the Amazon IAM Management Console. In the navigation bar on the upper right, choose your user name, and then choose My Security Credentials.
If you don’t provide them, the DAM defaults to global AWS environment credentials.
aws.accessKeyId (or AWS_ACCESS_KEY_ID environment variable)
aws.secretAccessKey (or AWS_SECRET_ACCESS_KEY environment variable)