Start a conversation

Setting up your own S3 bucket (AWS)

SyncSketch enables you to use your own S3 bucket for added security and convenience for Enterprise Accounts.  


To use your own bucket you need to:

  1. Create your own bucket
  2. Set CORS settings
  3. Set up an IAM role to access the bucket


1. Create your own bucket:

Please create a bucket in your AWS console. You can find all the information on how to set up a bucket here: 

https://docs.aws.amazon.com/AmazonS3/latest/user-guide/create-bucket.html

Make sure that the bucket is private by blocking all public access, which is the default. We also recommend turning on the encryption option for your S3 bucket as well as the logging. 


2. Set CORS settings

Once you have created a bucket you need to enable Cross Origin Resource Sharing (CORS) so SyncSketch can access the files. Don't worry - we are creating signed URLs to access data in your S3 bucket which have an expiration time and a unique hash which gets regenerated every time. To enable CORS please follow the instructions to enable CORS:

 https://docs.aws.amazon.com/AmazonS3/latest/user-guide/add-cors-configuration.html 

and use the following settings: 

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>       <AllowedOrigin>https://*.syncsketch.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
<CORSRule>      
    <AllowedOrigin>https://syncsketch.com</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>


3. Set up an IAM role to access the bucket

SyncSketch needs limited read and write access to your bucket so we can upload your items and read from it in our application. AWS uses IAM roles to control access to its resources so you need to create a new IAM user for SyncSketch. This also allows you to further restrict access in the future. 

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console

Once you have created your IAM please send the API key and secret for the user to  support@syncsketch.com using a service like:

https://www.saltify.io/ or https://www.producthunt.com/posts/1ty-me

Your API information will be stored encrypted and used safely in our backend without ever exposing it outside our very secure AWS virtual private cloud.


That's it. Once we have everything installed, all your information will be stored directly in your bucket and be under your control. If you have any other questions regarding the setup of the S3 bucket, please send us an email at support@syncsketch.com.





Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Philip Floetotto

  2. Posted
  3. Updated

Comments