Configure AWS S3 Upload Service
⌛️ In just 3 minutes, you can configure the AWS S3 upload service. Before starting, please ensure you have registered an AWS account and created a Bucket.
Security Notice
Before configuring the AWS S3 upload service, please note the following security recommendations:
To provide upload services, ExportX needs to securely store your keys on our servers. We take the following measures to protect your keys:
- All key information is stored using strong encryption algorithms
- Strict access control and audit mechanisms
- Following industry best security practices
We recommend:
- Strictly follow the principle of least privilege, only configure minimum permissions required for uploads (PutObject)
- Recommend limiting access to specific buckets and directories
- Use dedicated IAM users, avoid using root account keys
- Rotate keys regularly
Parameter Configuration
Amazon S3 is an object storage service provided by AWS. Our upload service requires the following parameters:
| Parameter | Description | Required |
|---|---|---|
| Bucket | Bucket name | Yes |
| Region | Region | Yes |
| Endpoint | Endpoint, usually s3.region.amazonaws.com For more info see AWS S3 Endpoint |
Yes |
| SecretKey | Secret key | Yes |
| AccessKey | Access key | Yes |
| UploadPath | Upload path, required if you configured arn | No |
| CDN Domain | CDN domain, e.g. if you use cloudfront, image links will be automatically generated | No |
Get Bucket Information
Here you can get the Bucket, Region, and Endpoint information.
The Endpoint is usually s3.[region].amazonaws.com, for example s3.us-east-1.amazonaws.com. You can refer to AWS S3 Endpoint
If you haven't configured CDN Domain, the final image URL will look like https://s3.us-east-1.amazonaws.com/figma-upload/upload-path/xxxx.png
If you have configured CDN Domain, the final image URL will look like https://cdn.example.com/figma-upload/upload-path/xxxx.png
Get AccessKey and SecretKey
We recommend creating a dedicated IAM user for the upload service and configuring minimum permissions.
Create Policy
ExportX's upload service only needs PutObject permission. Creating a policy can restrict uploads to specific buckets and directories. We recommend providing minimum permissions.
Click Create Policy
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": "arn:aws:s3:::figma-upload/upload-path/*"
}
]
}
Explanation: The above configuration restricts file uploads to the upload-path directory in figma-upload. You can adjust as needed.
Go to the IAM service in the cloud console and click create.
Create User
When creating a user, you need to attach the policy you just created.
Generate AccessKey
Select third-party service
Configure Upload Service
At this point, you have obtained the AccessKey and SecretKey and can configure the upload service.