Storage: S3

storage:
  type: s3
  region:
  bucket:
  # prefix:
  # aws_access_key: # aws credentials (optional); If omit, default configuration of aws-sdk use will be used.
  #   access_key_id:
  #   secret_access_key:
  #   session_token:
  # use_kms: true
  # kms_key_id: # KMS key id (optional); if omit, default AWS managed key for S3 will be used
  # kms_key_id_account: # KMS key id for account key (optional); This overrides kms_key_id
  # kms_key_id_certificate_key: # KMS key id for private keys for certificates (optional); This oveerides kms_key_id
  # pkcs12_passphrase: # (optional) Set passphrase to generate PKCS#12 file (for scripts that reads S3 bucket directly)
  # pkcs12_common_names: ['example.org'] # (optional) List of common names to limit certificates for generating PKCS#12 file.

This saves certificates and keys in the following S3 keys:

{prefix}/account.pem: Account private key in pem
{prefix}/certs/{common_name}/current: text file contains current version name
{prefix}/certs/{common_name}/{version}/cert.pem: certificate in pem
{prefix}/certs/{common_name}/{version}/key.pem: private key in pem
{prefix}/certs/{common_name}/{version}/chain.pem: CA chain in pem
{prefix}/certs/{common_name}/{version}/fullchain.pem: certificate + CA chain in pem. This is suitable for some server softwares like nginx.

IAM/KMS Policy

docs/vendor/aws.md: IAM and KMS key policies, and some tips

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

s3.md

s3.md

Storage: S3

IAM/KMS Policy

Files

s3.md

Latest commit

History

s3.md

File metadata and controls

Storage: S3

IAM/KMS Policy