View Attach (9) Info

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
png
 S3_VFS_config.png 143.0 kB 2 20-May-2025 04:42 krivacsz
png
 S3_bucket_info.png 99.3 kB 1 05-Dec-2023 05:32 Sandor
png
 assume_create_role_final_check... 119.7 kB 1 07-Oct-2024 07:25 krivacsz
png
 assume_role_entity_type.png 94.2 kB 1 07-Oct-2024 07:16 krivacsz
png
 assume_role_s3_access.png 140.2 kB 1 07-Oct-2024 07:20 krivacsz
png
 assume_role_user_permission_po... 103.9 kB 1 07-Oct-2024 07:36 krivacsz
png
 assume_role_vfs_settings.png 183.7 kB 2 07-Oct-2024 08:02 krivacsz
png
 create_assume_role.png 84.5 kB 1 07-Oct-2024 07:14 krivacsz
png
 s3_ec2_general_settings.png 30.1 kB 1 20-May-2025 03:50 krivacsz

This page (revision-119) was last changed on 24-Jun-2025 01:34 by krivacsz

This page was created on 05-Dec-2023 05:32 by Sandor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Difference between version and

At line 3 changed one line
The __Amazon S3 REST API__ provides a comprehensive set of HTTP operations for managing and interacting with objects and buckets in Amazon S3. [Amazon S3 API Reference Link|https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html]\\
The __Amazon S3 REST API__ provides a comprehensive set of HTTPS operations for managing and interacting with objects and buckets in Amazon S3. [Amazon S3 API Reference Link|https://docs.aws.amazon.com/AmazonS3/latest/API/Welcome.html]\\
At line 11 added 5 lines
\\
Amazon S3 can be configured in CrushFTP using __Access Key Authentication__ [Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.1AccessKeyAuthentication], __EC2 IAM Authentication__ [Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.2AmazonEC2IAMAuthenticationSupport], or __Assume Role__ authentication [Link|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-2.AccessAmazonS3UsingAssumeRole].\\
\\
!1.1 Access Key Authentication\\
\\
At line 17 changed one line
}}}
}}}\\
At line 19 changed 3 lines
!1.1 Access Key Authentication\\
\\
To authenticate using standard Amazon S3 credentials:\\
To access S3, you must authenticate using standard AWS credentials:\\
At line 34 added 2 lines
Ensure that your __S3 permissions are correctly configured__ as described in [1.3 Required S3 IAM Policy Permissions|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.3RequiredS3IAMPolicyPermissions], and then configure the S3 Remote VFS item as described in [1.4 S3 Remote VFS Settings|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.4S3RemoteVFSSettings].\\
\\
At line 34 changed 2 lines
• Set the S3 Username to: __iam_lookup__\\
• Set the S3 Password to: __lookup__\\
• Set the S3 Remote [VFS] -> Username to: __iam_lookup__\\
• Set the S3 Remote [VFS] -> Password to: __lookup__\\
At line 41 changed one line
• __Enable IMDSv2__: [IMDS (Instance Metadata Service) v2 Link|https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configure-IMDSv2.html] is the more secure version of the metadata endpoint used by EC2 instances to retrieve IAM role credentials. Enabling this option ensures that CrushFTP uses token-based access to the metadata service, protecting against SSRF attacks and adhering to AWS security best practices. ⚠️ Always enable IMDSv2 unless your instance or security policies require legacy IMDSv1.\\
• __Enable IMDSv2__: __IMDS (Instance Metadata Service) V2__ is the more secure version of the metadata endpoint used by EC2 instances to retrieve IAM role credentials. Enabling this option ensures that CrushFTP uses token-based access to the metadata service, protecting against SSRF attacks and adhering to AWS security best practices.\\
__⚠️ Important:__ Always enable IMDSv2 unless your instance or security policies require legacy IMDSv1.\\
At line 53 added 2 lines
Ensure that your __S3 permissions are correctly configured__ as described in [1.3 Required S3 IAM Policy Permissions|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.3RequiredS3IAMPolicyPermissions], and then configure the S3 Remote VFS item as described in [1.4 S3 Remote VFS Settings|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.4S3RemoteVFSSettings].\\
\\
At line 56 added 3 lines
----
__❗Troubleshooting__: An __AccessDenied__ error in the logs typically indicates missing permissions. Verify that all required IAM policies are correctly attached to the user or role.\\
----
At line 65 changed one line
|s3:ListAllMyBuckets|Lists all buckets owned by the requester.|Needed if the application dynamically lists available buckets.\\
|s3:ListAllMyBuckets|Lists all buckets owned by the requester.|Required for bucket verification.\\
At line 69 changed one line
|s3:AbortMultipartUpload|Cancels an in-progress multipart upload.|Used to clean up failed or cancelled large file uploads.\\
|s3:AbortMultipartUpload|Cancels an in-progress multipart upload.|Used to clean up failed or canceled large file uploads.\\
At line 81 changed one line
__Server:__ The base domain of the S3-compatible server (s3.us-east-1.amazonaws.com for Amazon S3). This can be replaced with endpoints for non-Amazon providers.\\
__Server:__ The base domain of the S3-compatible server (s3.us-east-1.amazonaws.com for Amazon S3). To use a non-Amazon provider, enter the provider’s endpoint hostname in the __URL__ field.
\\
At line 89 changed one line
__Use Bucket in Path__: Includes the bucket name as part of the S3 object key/path. This is typically not required unless working with a non-standard or custom S3-compatible backend that expects this behavior.//
__Use Bucket in Path__: Includes the bucket name as part of the S3 object key/path. This is typically not required unless working with a non-standard or custom S3-compatible backend that expects this behavior.\\
At line 111 changed 5 lines
!2. Access other cloud storage through S3 REST API\\
Google Cloud - [Google Cloud Storage Access Through S3 REST API | https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Google%20Cloud%20Storage%20Integration#section-Google+Cloud+Storage+Integration-2.AccessThroughS3RESTAPI] \\
BackBlaze(b2) - [BackBlaze(b2) Access Through S3 REST API| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=BackBlaze%28b2%29%20integration#section-BackBlaze_28b2_29+integration-2.AccessThroughS3RESTAPI]\\
----
!3. Assume Role access\\
!2. Access Amazon S3 using Assume Role\\
At line 158 added 10 lines
Ensure that your __S3 permissions are correctly configured__ as described in [1.3 Required S3 IAM Policy Permissions|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.3RequiredS3IAMPolicyPermissions], and then configure the S3 Remote VFS item as described in [1.4 S3 Remote VFS Settings|https://www.crushftp.com/crush11wiki/Wiki.jsp?page=S3%20integration#section-S3+integration-1.4S3RemoteVFSSettings].\\
----
!3. Access other cloud storage through S3 REST API\\
\\
__Google Cloud__ - __⚠️ Important__: Check the __SHA256 enabled on signing (Signing Version 4)__ flag. [Google Cloud Storage Access Through S3 REST API | https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Google%20Cloud%20Storage%20Integration#section-Google+Cloud+Storage+Integration-2.AccessThroughS3RESTAPI] \\
\\
__BackBlaze(b2)__ - __⚠️ Important__: __SHA256 enabled on signing (Signing Version 4)__ and __Include SHA256 to request headers (Signing Version 4 related)__ flags must be checked. [BackBlaze(b2) Access Through S3 REST API| https://www.crushftp.com/crush11wiki/Wiki.jsp?page=BackBlaze%28b2%29%20integration#section-BackBlaze_28b2_29+integration-2.AccessThroughS3RESTAPI]\\
\\
__Yandex__ - __⚠️ Important__: Ensure that the __Server Side Encryption__ option is unchecked.\\
----
Version Date Modified Size Author Changes ... Change note
119 24-Jun-2025 01:34 14.432 kB krivacsz to previous
118 13-Jun-2025 03:05 14.431 kB krivacsz to previous | to last
117 13-Jun-2025 02:59 13.982 kB krivacsz to previous | to last
116 13-Jun-2025 02:40 13.497 kB krivacsz to previous | to last
115 13-Jun-2025 02:38 13.392 kB krivacsz to previous | to last
114 13-Jun-2025 02:37 13.275 kB krivacsz to previous | to last
113 13-Jun-2025 02:31 13.044 kB krivacsz to previous | to last
112 13-Jun-2025 02:30 13.044 kB krivacsz to previous | to last
111 13-Jun-2025 02:28 13.038 kB krivacsz to previous | to last
110 13-Jun-2025 02:27 13.034 kB krivacsz to previous | to last
109 13-Jun-2025 02:26 12.9 kB krivacsz to previous | to last
108 13-Jun-2025 02:22 12.96 kB krivacsz to previous | to last
107 13-Jun-2025 02:21 12.825 kB krivacsz to previous | to last
106 13-Jun-2025 02:21 12.7 kB krivacsz to previous | to last
105 13-Jun-2025 02:18 12.501 kB krivacsz to previous | to last
104 13-Jun-2025 02:15 12.495 kB krivacsz to previous | to last
103 13-Jun-2025 02:14 12.474 kB krivacsz to previous | to last
102 13-Jun-2025 02:12 12.294 kB krivacsz to previous | to last
101 13-Jun-2025 02:09 12.21 kB krivacsz to previous | to last
« This page (revision-119) was last changed on 24-Jun-2025 01:34 by krivacsz
G’day (anonymous guest)
CrushFTP11 | What's New

Referenced by
...nobody

JSPWiki