Connect to Amazon Simple Storage Service (Amazon S3) - AWS App Studio
Create and configure Amazon S3 resourcesCreate an IAM role to give App Studio access to Amazon S3 resourcesCreate Amazon S3 connector

AWS App Studio is in preview and is subject to change.

Connect to Amazon Simple Storage Service (Amazon S3)

To connect App Studio with Amazon S3 to enable builders to access and use Amazon S3 resources in applications, you must perform the following steps:

  1. Create and configure Amazon S3 resources

  2. Create an IAM role to give App Studio access to Amazon S3 resources

  3. Create Amazon S3 connector

After you have completed the steps and created the connector with proper permissions, builders can use the connector to create apps that interact with Amazon S3 resources. For more information about interacting with Amazon S3 in App Studio apps, see Interacting with Amazon Simple Storage Service with components and automations.

Create and configure Amazon S3 resources

Depending on your app's needs and your existing resources, you may need to create an Amazon S3 bucket for apps to write to and read from. For information about creating Amazon S3 resources, including buckets, see Getting started with Amazon S3 in the Amazon Simple Storage Service User Guide.

To use the S3 upload component in your apps, you must you must add a cross-origin resource sharing (CORS) configuration to any Amazon S3 buckets you want to upload to. The CORS configuration gives App Studio permission to push objects to the bucket. The following procedure details how to add a CORS configuration to an Amazon S3 bucket using the console. For more information about CORS and configuring it, see Using cross-origin resource sharing (CORS) in the Amazon Simple Storage Service User Guide.

To add a CORS configuration to an Amazon S3 bucket in the console

  1. Navigate to your bucket in the https://console.aws.amazon.com/s3/.

  2. Choose the Permissions tab.

  3. In Cross-origin resource sharing (CORS), choose Edit.

  4. Add the following snippet:

    [
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": []
    }
]

  5. Choose Save changes.

Create an IAM role to give App Studio access to Amazon S3 resources

To use Amazon S3 resources with App Studio, administrators must create an IAM role to give App Studio permissions to access the resources. The IAM role controls the scope of data that builders can use and what operations can be called against that data, such as Create, Read, Update, or Delete.

We recommend creating at least one IAM role per service and policy.

To create an IAM role to give App Studio access to Amazon S3 resources

  1. Sign in to the IAM console with a user that has permissions to create IAM roles. We recommend using the administrative user created in Create an administrative user for managing AWS resources.

  2. In the navigation pane of the console, choose Roles and then choose Create role.

  3. In Trusted entity type, choose Custom trust policy.

  4. Replace the default policy with the following policy to allow App Studio applications to assume this role in your account.

    You must replace 111122223333 with the AWS account number of the account used to set up the App Studio instance.

    { 
    "Version": "2012-10-17",
    "Statement": [
        { 
            "Effect": "Allow",
            "Principal": { 
                "AWS": "arn:aws:iam::111122223333:root"
            }, 
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                        "aws:PrincipalTag/IsAppStudioAccessRole": "true"
                }
            }
        } 
    ]
}

    Choose Next.

  5. In Add permissions, search for and select the policies that grant the appropriate permissions for the role. Choosing the + next to a policy will expand the policy to show the permissions granted by it and choosing the checkbox selects the policy. Consider adding one of the following policies, based on your app's needs:

    • AmazonS3FullAccess: Grants permissions that allow full access to Amazon S3.

    • AmazonS3ReadOnlyAccess: Grants permissions that allow read-only access to Amazon S3.

    For more information about using IAM policies with Amazon S3, including a list of managed policies and their descriptions, see Identity and Access Management for Amazon Simple Storage Service in the Amazon Simple Storage Service User Guide.

    Choose Next.

  6. In Role details, provide a name and description.

  7. In Step 3: Add tags, choose Add new tag to add the following tag to provide App Studio access:

    • Key: IsAppStudioDataAccessRole

    • Value: true

  8. Choose Create role and make note of the generated Amazon Resource Name (ARN), you will need it to create the Amazon S3 connector in App Studio in the next step.

Create Amazon S3 connector

To create a connector for Amazon S3

  1. Navigate to App Studio.

  2. In the left-side navigation pane, choose Connectors in the Manage section. You will be taken to a page displaying a list of existing connectors with some details about each.

  3. Choose + Create connector.

  4. Choose the Amazon S3 connector.

  5. Configure your connector by filling out the following fields:

  6. Choose Create.

  7. The newly created connector will appear in the Connectors list.