How to set up S3 to use with shopify - not sure of policies to use etc
Hi. I am really new to this. I have a Shopify store and need to import product media using a spreadsheet and URLs for the media. I was told to use AWS S3. I have followed the instructions I could find, but I can't find or don't understand what kind of policy or how to set things up correctly so that I can get and use URLs from S3 for my images to supply to shopify so my product images will show up in my store.
I was directed to a support document online by Matrixify: https://matrixify.app/tutorials/bulk-import-images-shopify-from-computer/#UsetheAmazonS3bucketformediahosting You will notice on that page, after they have told you to create your bucket and get your access keys, they start giving all sorts of directions instructing you to use the CrossFTP application. I didn't get that far bc i couldn't get access keys. It looks confusing so i hope there is a better way. I have tried to follow that along with the AWS S3 instructions and i am just totally confused. This is what I have done so far:
- I have created an account
- I have created a bucket
- I have tested that I can load media
- I have created a bucket policy as per the directions in the aforementioned support document (i copied and pasted the policy from this page: https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket)
- I was then directed to the following page: https://objectivefs.com/howto/how-to-get-amazon-s3-keys
- That is where i began getting confused.
- Anyway, I set up a user in IAM and that user in under my 'group'
- From here i was directed to create an access key.
- This where i had to stop because i am not sure at all what type of policy would be used in order to accomplish my goal of getting media URLs to use in my Shopify products.
- sending some screenshots of what i have so far...
I am sorry this is so long but i wanted to be sure to give you all relevant information. Any help you can provide will be very much appreciated. Regards, Michelle
- Newest
- Most votes
- Most comments
Option 1: Using Cloudfront to make the objects in your bucket publicly accessible
Is it ok for the files you are importing to be publicly accessible? If so, you don't need to worry about using IAM access keys. Instead, you can use Cloudfront to create an HTTP frontend for the objects in your S3 bucket, which you can then access via a normal web browser (or provide a list of URLs to shopify to import). All of the objects in your bucket will be accessible at a url like https://d1v23457bee.cloudfront.net/object-name.jpg.
To set that up:
- go to https://us-east-1.console.aws.amazon.com/cloudfront/v4/home
- Click 'Create Distribution'
- For the 'Origin Domain', click the dropdown and select your S3 bucket
- For 'Origin Access Control', choose "Origin access control settings (recommended)", then click "Create Control Setting"
- Click 'Enable Security Protections'
- Leave all other settings as default, then click 'Create Distribution'
The distribution will be created (it might take a few minutes). At the top of the screen you will see a yellow bar with a 'Copy Policy' button. Click that to copy an S3 Bucket Policy to your clipboard.
Also, make a note of your cloudfront domain - it will be something like https://d1v23457bee.cloudfront.net/
- Now navigate to your s3 bucket at https://s3.console.aws.amazon.com/s3/home.
- Click on your bucket name, then the 'Permissions' tab.
- In the 'Bucket Policy' section, click 'Edit' then paste in your policy.
- Click 'Save Changes'.
Now all objects in your bucket are accessible via your Cloudfront domain.
Option 2: Giving access to your S3 bucket via an IAM User
IAM users in AWS are entities that you can grant permissions to. One of the ways you can authenticate as a user is by using an access key and secret key comibination (sort of like a user/pass). This is generally not recommned because its not good practice to create long-lived credentials - temporary credentials are preferred.
However, some software integrations expect an IAM access key for their integration. In that case, there's two things you need do:
- Create an access key and secret key for your IAM user.
This part should be pretty easy, you have got most of the way already.
- Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home
- Click on the user you would like to generate keys for
- Click 'Security Credentials'
- Select 'Third Party Service', then click 'Next.
- Add any notes to the description tag if you'd like, then click 'Next'
- Make a note of the Access key and Secret Access Key on the next page. Note that the secret access key will never be shown again, so you need to save it somewhere.
- Click 'Done' - then you can use those keys in your application.
- Add permissions to the user to access your bucket.
- Click on your user again, but this time click 'Add Permissions', then 'Create Inline Policy'
- In the policy builder, search for 's3', then click on it
- Open the 'Read' section of the permissions, and select 'GetObject'. Open the 'List' section, and select 'ListBucket'
- Under resources, for 'bucket' enter the name of your bucket in the top text box. Then click 'Add ARNs'.
- Under resource, for 'object', enter the name of your bucket in the top text box, then click 'Any object name'
- Click 'Next', then give the policy a name, then click 'Create Policy'.
Now, systems using your secret key and access key will be able to access objects in your bucket. Good luck!
Running into a snag.... telling me i need to update my S3 bucket policy?
Hey - I got a little farther!! I am at the point where, in your instructions, you give this direction: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home Click on the user you would like to generate keys for Click 'Security Credentials' Select 'Third Party Service', then click 'Next. I don't see a "third party service" option?..
Attaching what i see on my screen at the point where i should see the third party access... I cut out the spaces/text between the service names to make the attachment a little smaller. Additional support would be greatly appreciated :)! I don't see a "third party" option
I don't think the image will show up in this comment area so i posted in the answer section so you could see it. Will i get in trouble for doing that?
Hey - I got a little farther!! I am at the point where, in your instructions, you give this direction: Navigate to https://us-east-1.console.aws.amazon.com/iamv2/home Click on the user you would like to generate keys for Click 'Security Credentials' Select 'Third Party Service', then click 'Next. I don't see a "third party service" option?..
Attaching what i see on my screen at the point where i should see the third party access... I cut out the spaces/text between the service names to make the attachment a little smaller. Additional support would be greatly appreciated :)! I don't see a "third party" option
for some reason my image isn't showing up.... maybe you can use this in your browser? https://www.dropbox.com/t/fwvLG8ptmLEp1jkJ
Relevant content
- asked 4 months ago
- asked 6 months ago
- asked 13 days ago
- asked 2 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
Hi - can't add an image here so i sent it in a new message...
this never showed up: The distribution will be created (it might take a few minutes). At the top of the screen you will see a yellow bar with a 'Copy Policy' button. Click that to copy an S3 Bucket Policy to your clipboard. Also, make a note of your cloudfront domain - it will be something like https://d1v23457bee.cloudfront.net/