Configure the DAM JCR S3 submodule

To store asset binaries in S3, configure the DAM JCR S3 module to connect Magnolia to your AWS S3 bucket. Asset metadata is stored in the dam JCR workspace.

This is a technical preview of version 5.0.0-beta1 of the DAM module, referred to as DAM 5. This preview is intended for testing and evaluation purposes only and must not be used in production environments.

To learn more or to request access for testing, contact us at dam5.feedback@magnolia-cms.com.

To configure the module, you must:

  • Install the required module versions.

  • Set up AWS IAM policy permissions.

  • Provide connection credentials for AWS S3.

Prerequisites

Make sure you have at least the following modules installed:

AWS IAM Policy

Make sure that you have acquired appropriate permissions for the service in the AWS IAM Management Console.

AWS IAM Policy

Minimum required permissions

To use Magnolia DAM with AWS S3, the following permissions are required.

  • s3:GetObject

  • s3:PutObject

  • s3:DeleteObject

  • s3:HeadObject

  • s3:CopyObject

For more information about these permissions, see the Amazon documentation Actions defined by Amazon S3 page.

Your S3 bucket must have versioning enabled. For more information, see the Amazon documentation Enabling versioning on buckets page.
Policy example
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowS3Operations",
            "Effect": "Allow",
            "Action": [ (1)
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:HeadObject",
                "s3:CopyObject",
            ],
            "Resource": "*"
        }
    ]
}
1 Grant access for the S3 bucket and object-level permissions.

Configure the dam-jcr-s3 module

  1. Stop Magnolia.

  2. Provide the following required properties, either in your WEB-INF/config/default/magnolia.properties file or using MicroProfile Config:

    magnolia.properties
    dam.core.binary.strategy=s3 (1)
dam.core.binary.s3.bucket-name=<your-S3-bucket-name> (2)
dam.core.binary.s3.region=<your-s3-region> (3)
dam.core.binary.s3.access-key=<your-access-key> (4)
dam.core.binary.s3.secret-key=/<your-secret-key> (4)
    1 The binary storage strategy you want to implement, in this case s3 (note the lower case s).
    2 The name of the S3 bucket where you store your asset binaries. Make sure the bucket you use has versioning enabled.
    3 A label designating a regional endpoint to which the image recognition service connects, such as eu-central-1. For a list of available regions and labels, see AWS: Regional endpoints.
    4 Specific AWS credentials. See the AWS credentials section below.
    You can inject these values using MicroProfile Config, which supports environment variables, or JVM system properties` file.

  3. Restart Magnolia.

AWS credentials

Credentials consist of:

  • AWS access key ID

  • AWS secret access key

You can provide specific AWS credentials to connect AWS to Magnolia DAM.

magnolia.properties
dam.core.binary.s3.access-key=<your-access-key>
dam.core.binary.s3.secret-key=/<your-secret-key>

To generate keys, go to the the security credentials section of the Amazon IAM Management Console. In the navigation bar on the upper right, choose your user name, and then choose My Security Credentials.

If you don’t provide them, the DAM defaults to global AWS environment credentials.

aws.accessKeyId (or AWS_ACCESS_KEY_ID environment variable)
aws.secretAccessKey (or AWS_SECRET_ACCESS_KEY environment variable)
Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DAM module docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules