Configure AWS S3 bucket for remote storage

The Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. The AWS S3 service uses buckets, or containers, for data storage. This configuration requires you to create a private bucket.

Magento highly discourages the use of public buckets because it poses a serious security risk.

To enable remote storage with the AWS S3 adapter:

  1. Log in to your Amazon S3 dashboard and create a private bucket.

  2. Set up AWS IAM roles. Alternatively, generate access and secret keys.

  3. Configure Magento to use the private bucket. See Remote storage options for a full list of parameters.

    1
    
    bin/magento setup:config:set --remote-storage-driver="aws-s3" --remote-storage-bucket="<bucket-name>" --remote-storage-region="<region-name>" --remote-storage-prefix="<optional-prefix>" --access-key=<optional-access-key> --secret-key=<optional-secret-key> -n
    

Configure Nginx

Nginx requires an additional configuration to perform Authentication with the proxy_pass directive. Add the following proxy information to the nginx.conf file:

nginx.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
    # Proxying to AWS S3 storage.
    resolver 8.8.8.8;
    set $bucket "<s3-bucket-name>";
    proxy_pass https://s3.amazonaws.com/$bucket$uri;
    proxy_pass_request_body off;
    proxy_pass_request_headers off;
    proxy_intercept_errors on;
    proxy_hide_header "x-amz-id-2";
    proxy_hide_header "x-amz-request-id";
    proxy_hide_header "x-amz-storage-class";
    proxy_hide_header "Set-Cookie";
    proxy_ignore_headers "Set-Cookie";
}

Authentication

If you use access and secret keys instead of AWS IAM roles, you must include the ngx_aws_auth Nginx module.