Getting Amazon S3 To Work With Odrive

I've become a huge fan of odrive lately. Odrive is like the Dropbox client, but it lets you sync to just about any cloud service. Examples include Dropbox, Box, Amazon Drive, Slack(!), and my personal favorite: Amazon S3.

In other words, you can have a directory on your hard drive mirrored into S3, so that any changes made are uploaded straight to S3. From there, you can do things like enabling access logging or encryption. All very neat stuff.

When connecting to Amazon S3, you'll need an Access Key and a Secret Access Key. You do NOT want to use the default ones that came with your account, as they have full access to everything that is on Amazon Web Services. Instead, you want to create a key whose access is limited to just your S3 bucket. This blog post will explain exactly how to do that.

First, you'll want to create a new S3 bucket, create an IAM user, and then give that user an Access Key/Secret Access Key pair.

With all that done, you'll want to add a policy to that user. The policy will limit that user's access ONLY to the S3 bucket which you have created. That's done by choosing to add an "inline policy" for a user, and then selecting "custom" policy. Finally, paste in this JSON:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::yourusername-odrive"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::yourusername-odrive/*"
            ]
        }
    ]
}

The first statement allows the user to view the names of all buckets that exist for that account. The second statement allows the user to view the contents of that bucket, along with determining what region the bucket is in. The final statement allows full access to create, get, and delete objects (and by "objects" I mean "files", in case there is any confusion).
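To see what those three statements do and do not permit, here is an added example (not part of the original post) that evaluates the policy locally against a few constructed requests. The `is_allowed` helper is a hypothetical, simplified matcher, not AWS's real evaluation engine: it handles only `Allow` statements with `*`/`?` wildcards and treats everything else as denied.

```python
import json
from fnmatch import fnmatchcase

# The inline policy from this post (bucket name is the post's placeholder).
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets",
     "Resource": "arn:aws:s3:::*"},
    {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
     "Resource": ["arn:aws:s3:::yourusername-odrive"]},
    {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
     "Resource": ["arn:aws:s3:::yourusername-odrive/*"]}
  ]
}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, resource):
    """True if some Allow statement matches both action and resource.
    Simplified: Deny, Condition, NotAction and NotResource are not modelled
    (this policy uses none); anything not explicitly allowed is denied."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive; resource ARNs are matched as-is.
        action_ok = any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
        resource_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

# Constructed sample requests: (action, resource ARN)
CHECKS = [
    ("s3:PutObject", "arn:aws:s3:::yourusername-odrive/photos/cat.jpg"),
    ("s3:ListBucket", "arn:aws:s3:::yourusername-odrive"),
    ("s3:GetObject", "arn:aws:s3:::some-other-bucket/secret.txt"),
    ("s3:DeleteBucket", "arn:aws:s3:::yourusername-odrive"),
    ("s3:PutBucketPolicy", "arn:aws:s3:::yourusername-odrive"),
    ("ec2:RunInstances", "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"),
]

if __name__ == "__main__":
    for action, resource in CHECKS:
        verdict = "ALLOW" if is_allowed(POLICY, action, resource) else "DENY"
        print(f"{verdict:5}  {action:20} {resource}")
```

Only the first two requests are allowed. Reading another bucket, deleting the bucket, changing its bucket policy, and any non-S3 action all fall through to the default deny.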

It may take a few seconds for the policy to take effect (distributed systems and consensus are fun like that...), but once it does, you can then enter those credentials into Odrive and create a new share.

I hope this post is helpful to anyone else who is trying to set up S3 in Odrive. Feel free to share any feedback in the comments below!

-- Doug
