S3 Destination

CREATE IAM USER ROLE ON AWS

The recommended way to allow Blitline to write to your S3 Bucket is to set up an IAM credential for Blitline and enter the access key and secret into the Blitline web console.

Steps for creating an IAM policy are beyond the scope of this document, but you can find more information here https://docs.aws.amazon.com/AmazonS3/latest/userguide/user-policies.html

The policy you would want to set on AWS is as follows:

❗️

Make sure to replace "YOUR_BUCKET_NAME!!" in the policy below with your actual Bucket name you are using to put your output files into.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME!!/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME!!"
            ]
        }
    ]
}

When creating your new IAM user, be sure to record the Access Key and Secret

842

When creating your new IAM user, be sure to record the Access Key and Secret




UPDATE BLITLINE.COM

Then you can enter your IAM credentials in your Blitline.com account

  • Log in to Blitline.com
  • Click on the Settings Button, and then Configuration Tab
  • Enter you Key and Secret
  • Press Save



PUSHING TO YOUR S3 BUCKET

Once you have set up your S3 Destination permissions, you can start using the "s3_destination" tag in your JSON and we use the credentials created above for pushing your s3 files.

In your Blitline job, you will need to add an “s3_destination”. This “s3_destination” needs to have the following children:

  • bucket (Your S3 bucket to push to)
  • key (The S3 key for the image that you wish Blitline to write to)
  • headers (Optional headers you wish to have added to your S3 item)

📘

Here is an example of a Blitline job that will push to your bucket:

{
  "application_id": "YOUR_APP_ID",
  "src": "http://www.google.com/logos/2011/houdini11-hp.jpg",
  "postback_url": "YOUR_WEBSITE_URL",
  "functions": [
    {
      "name": "blur",
      "save": {
        "image_identifier": "YOUR_IMAGE_IDENTIFIER",
        "s3_destination": {
          "bucket": "YOUR_BUCKET_NAME",
          "key": "key value to save image as"
        }
      }
    }
  ]
}

S3 Headers

By default Blitline will try to set permissions on the uploaded file to "acl" = "public-read". This means this file will be readable by the public.

To alter this default permission, you will need to set an S3 header in your s3_destination. The possible

🚧

If your bucket uses the bucket owner enforced setting for S3 Object Ownership, ACLs are disabled and no longer affect permissions. You must use policies to grant access to your bucket and the objects in it. Requests to set ACLs or update ACLs fail and return the AccessControlListNotSupported error code. Requests to read ACLs are still supported. For more information, see Controlling object ownership in the Amazon S3 User Guide.

NOTE: Since public-read acl is not possible on these types of buckets, the default value will be whatever the Bucket default is.

You can disable setting the ACL ( and default to the bucket permissions) by setting the s3_headerx-amz-grant-read to be empty. Such as:

{
  "application_id": "YOUR_APP_ID",
  "src": "http://www.google.com/logos/2011/houdini11-hp.jpg",
  "postback_url": "YOUR_WEBSITE_URL",
  "functions": [
    {
      "name": "blur",
      "save": {
        "image_identifier": "YOUR_IMAGE_IDENTIFIER",
        "s3_destination": {
          "bucket": "YOUR_BUCKET_NAME",
          "key": "key value to save image as",
          "headers" : {
            "x-amz-grant-read" : ""
          }
        }
      }
    }
  ]
}

You can also specify other S3 headers as defined at:

https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObjectAcl.html

IF You can't get your permissions working on Buckets, please contact us and we can probably help you out at [email protected]