Custom S3 Buckets
Purple uses AWS to store contents for all apps by default. The default storage location is in Europe (eu-west-1) and is distributed by AWS Cloudfront as it's CDN.
There may be reasons why you would want to manage your storage yourselves:
- Your consumers are located in different parts of the world. To reduce latencies it may be beneficial to have your S3 storage in a different region
- You want to keep track of the costs for the content delivery
- Your internal or external policies require you to manage the storage yourself
- Creation of Amazon Polly TTS (Text-to-Speech) files, used in the app for the readmode.
Purple supports this by allowing you to configure the storage for your team.
We offer an official Terraform module which takes care of configuring all the necessary resources automatically.
There are only a handful parameters you need to provide. The module will setup an
- S3 bucket
- AWS Cloudfront distribution
- Lambda@Edge with Tachyon for dynamic image resizing
- and optionally an AWS ACM certificate for the Cloudfront distribution, if you want to use a custom CDN domain.
The following example sets up a bucket in eu-central-1 and configures cdn.example.com as the Cloudfront domain.
Example
Once this configuration was applied using Terraform, you can configure the custom bucket in the Purple Manager like this:
Configuration | Value |
|---|---|
Bucket Access Key | module.purple_files.s3_access_key |
Bucket Secret Key | module.purple_files.s3_secret_key |
Bucket Name | module.purple_files.s3_bucket_id |
Bucket Base Directory | leave empty |
Bucket Region | eu-central-1 |
Cloudfront URL | module.purple_files.cloudfront_distribution_domain_name or value of cloudfront_domain |
Cloudfront Access Key | module.purple_files.cloudfront_public_key_id |
If the setup of the custom S3 bucket should be done by sprylab, the following information is needed:
- AWS Console login with admin privileges (IAM user with admin policy or AWS root user)
- For AWS root user: we need the email and password
- NOTE: There should not be any 2FA/MFA configured while we perform the initial setup
- For AWS IAM user: we need the username and password for an IAM user that has the AWSAdministrator policy attached
“When you first create an Amazon Web Services (AWS) account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS account root user and is accessed by signing in with the email address and password that you used to create the account.”