Link copied to clipboard!
Mobile navigation button - closed state

Set up a custom S3 bucket

To have Cord upload annotation screenshots to your own S3 bucket, you’ll need to provide us with the bucket name and bucket region, as well as an access key ID and secret access key for an IAM User with read + write + list permissions on that bucket. Follow this guide on how to get them.


1

Create the S3 bucket

Create bucket

Go to AWS Console - S3 and click the “Create bucket” button.

Choose a name and a region for your bucket. Copy both of these values, as you will need them in future steps, as well as to send them to the Cord team.

Make sure you leave the “Block all public access” ticked.

2

Enable CORS on the S3 bucket

Open the details for the bucket you just created, navigate to the Permissions tab, then scroll down until you see the “Cross-origin resource sharing (CORS)” section.

Click Edit paste this configuration object into the text area, then click Save.

  • [
      {
        "AllowedHeaders": ["*"],
        "AllowedMethods": ["GET", "POST", "PUT", "DELETE", "HEAD"],
        "AllowedOrigins": ["*"]
      }
    ]
3

Create a custom IAM policy

Create custom policy

Set bucket ARN

Set object ARN

Finish custom policy

Go to AWS Console - IAM Policies and click the “Create Policy” button. Under Service choose “S3”.

Under Actions > Access Level tick the “Read” and “Write” permissions, as well as, in the “List” category, tick the “ListBucket” action.

Next, click on Resources and it will open a list of restriction categories.

First, limit bucket operations to the bucket, by clicking “Add ARN to restrict access” on the bucket row. In the popup that appears, write the bucket name and click “Add”.

Next, limit object operations to the bucket, by clicking “Add ARN to restrict access” on the object row. In the popup that appears, again write the bucket name, then tick the “Any” checkbox next to “Object name”, and click “Add”.

Finally, give the policy a name like “S3ReadAndWriteToCordScreenshotsBucketOnly” and save it.

4

Create an IAM user

Create IAM user

Go to AWS Console - IAM Users and click the “Add users” button.

Giveit a name and tick “Programmatic access” only — this is for APIs.

IAM user policy

On the next page go to “Attach existing policies directly”, search and select the newly created policy from step 2. Finish creating the user, leaving the defaults for the rest of the steps.

Select the user from the user list. Click the “Security credentials” tab. Here you can manage access keys for the user. You will need two pieces of information from here:

  • the Access Key ID
  • the Secret Access Key

(If you’re doing this to rotate secrets, you will already see the old Access Key ID in the list).

IAM user security credentials

Click on “Create access key”. This will open a popup with the access key ID and secret

Copy both of these values, as you will need to send them to the Cord team.

IAM user access key

Send the details to the Cord team

Now that you have the bucket name, bucket region, access key ID, and secret access key, send an email or Slack message to your contact at Cord so that they can finish setting this up for you.


Learn more