AWS S3 Integration

1. S3 Bucket

On your S3 Bucket, edit the Cross-origin resource sharing (CORS) in the Permissions tab with the following policy:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://lab.isahit.com",
            "https://work.isahit.com"
        ],
        "ExposeHeaders": []
    }
]

2. Access Point

Create an access point for Isahit Lab in your S3 bucket. See Creating access points.

⚠️ Enable Internet access but block public access.

3. IAM policy

Find the ARN of your access point and your bucket name.

Access Point: arn:aws:s3:eu-west-3:090500400301:accesspoint/isahit-lab-access-point
Bucket: my-bucket

Create a policy based on the following example, replacing the bucket name and the access point ARN with your own values:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-bucket",
                "arn:aws:s3:::my-bucket/*",
                "arn:aws:s3:eu-west-3:090500400301:accesspoint/isahit-lab-access-point",
                "arn:aws:s3:eu-west-3:090500400301:accesspoint/isahit-lab-access-point/*"
            ]
        }
    ]
}

4. IAM role

Create a role, or alternatively attach the newly created policy to an existing one.

  • Select AWS account as entity type
  • Select Another AWS account and paste the isahit account ID: 999888496268
  • Tick the Require external ID checkbox.
  • Paste the role External ID created previously in the Isahit Lab integration.

ℹ️ The External ID is an additional security feature which ensures that isahit cannot accidentally access your data in a context other than that for which you have granted access.

The selected trusted entities should look like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal": {
                "AWS": "090680223052"
            },
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "a6fa9c7f-7f53-4a41-812d-a29f48288a94"
                }
            }
        }
    ]
}

Attach the previously created policy to the role.

Your access point is now ready to be used in your isahit lab project.
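
An offline check of the role's trust policy from step 4, added here as an example and not isahit's or AWS's own code: it confirms that the only trusted principal is the expected account and that sts:ExternalId is required with the expected value. The function name, account ID and External ID below are constructed for illustration.

```python
import json

def audit_trust_policy(policy, expected_account, expected_external_id):
    """Return findings for a role trust policy; an empty list means it matches."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is also valid
        statements = [statements]
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else list(aws)
        if not aws:
            findings.append(f"statement {i}: no AWS principal")
        for p in aws:
            # A principal is either a bare account ID or an ARN inside that account.
            account = p.split(":")[4] if p.startswith("arn:") and p.count(":") >= 5 else p
            if account != expected_account:
                findings.append(f"statement {i}: unexpected principal {p}")
        # Condition key names are not case-sensitive, so normalise before lookup.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        ext = [ext] if isinstance(ext, str) else list(ext or [])
        if not ext:
            findings.append(f"statement {i}: sts:ExternalId is not required")
        elif ext != [expected_external_id]:
            findings.append(f"statement {i}: sts:ExternalId does not match")
    return findings

# Constructed sample values, not taken from a real account.
ACCOUNT, EXTERNAL_ID = "111122223333", "00000000-0000-4000-8000-000000000000"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Action": "sts:AssumeRole",
  "Principal": {"AWS": "111122223333"},
  "Condition": {"StringEquals": {"sts:ExternalId": "00000000-0000-4000-8000-000000000000"}}}]}""")
# Same role with the condition dropped, which the audit should flag.
NO_EXTERNAL_ID = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("no external id", NO_EXTERNAL_ID)):
        print(name, audit_trust_policy(doc, ACCOUNT, EXTERNAL_ID) or "OK")
```

Run it against the JSON shown under the role's trust relationships, passing the account ID and External ID you were given for the integration.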


© isahit 2022