S3 File System settings | Executive Education

Amazon Web Services Credentials

Custom Credentials File Location

A custom profile or ini file location. This will add a custom AWS SDK ini provider in addition to the AWS SDK defaultProvider. $settings['s3fs.access_key'] and $settings['s3fs.secret_key'] will take priority over this setting.

Enable Credential Caching

Allow the AWS SDK to locally cache credentials. This is recommended if using EC2, IAM, or similar authentication methods that require an API call to AWS Metadata servers to obtain usable credentials.

Credential Caching

Cached Credentials Directory

Copy of Cached credentials will be stored in this directory to avoid calling the metadata servers.

To configure your Amazon Web Services credentials, enter the values in the appropriate fields below. To set access and secret key you must use $settings['s3fs.access_key'] and $settings['s3fs.secret_key'] in your site's settings.php file.

S3 Bucket Name

If you don't set this field, you must set bucket name in your settings.php $config['s3fs.settings']['bucket'].

Bucket Region

The region in which your bucket resides. This value is set automatically when you Save Configuration on this page. You may override this in your settings.php with $config['s3fs.settings']['region'].

Advanced Configuration Options

Enable CNAME

Serve files from a custom domain by using an appropriately named bucket, e.g. "mybucket.mydomain.com".

CNAME Settings

CDN Domain Name

If serving files from CloudFront, the bucket name can differ from the domain name.

Map Domain Name to specific path

Map the domain name to the location from where the file should be pulled. This is useful when using a service such as Cloudfront where the origin path can be a specific folder in a bucket, rather than the entire bucket. For example, with a root folder of "staging" and a public folder of "s3fs-public" (for a full path of "mybucket/staging/s3fs-public"), the Public folders option will allow the full path to be mapped directly to the domain name ("my-cloudfront-id.cloudfront.net"). By default, the domain name maps to the entire bucket. NOTE: This setting impacts both the s3:// and public:// StreamWrappers, if using the "Public" option it is likely that s3:// links will not work.

Use a Custom Host

Connect to an S3-compatible storage service other than Amazon.

Custom Host Settings

Hostname

Custom service hostname, e.g. "https://objects.example.com" with http(s) protocol.

Use path-style endpoint

Send requests to a path-style endpoint, instead of a virtual-hosted-style endpoint. For example, http://s3.amazonaws.com/bucket, insead of http://bucket.s3.amazonaws.com.

Disable version sync

Check if the bucket does not support listObjectVersions.

S3 Object Cache-Control Header

The cache control header to set on all S3 objects for CDNs and browsers, e.g. "public, max-age=300".

Server-Side Encryption

If your bucket requires server-side encryption, you can specify the encryption algorithm here

Always serve files from S3 via HTTPS

Forces S3 File System to always generate HTTPS URLs for files in your bucket, e.g. "https://mybucket.s3.amazonaws.com/smiley.jpg".
Without this setting enabled, URLs for your files will use the same scheme as the page they are served from.

Ignore the file metadata cache

If you need to debug a problem with S3, you may want to temporarily ignore the file metadata cache. This will make all file system reads hit S3 instead of the cache.
This causes s3fs to work extremely slowly, and should never be enabled on a production site.

Bucket is read-only

Enable this option if the account used to access the bucket has read-only permissions:

Disable SSL/TLS verification

Enable if your bucket is using a locally self-signed certificate.
PLEASE NOTE: This is not recommended as it is a security risk.

Disable Shared Config Files

Disables the searching of shared config files (such as ~/.aws/config). This may be necessary if open_basedir is enabled on the server.

The TTL of the redirect cache to the s3 styles

Styles will be redirected to S3 and Dynamic Page Cache module will cache the response for the specified TTL.

Use S3 for public:// files

Enable this option to store all files which would be uploaded to or created in the web server's local file system within your S3 bucket instead. To replace public:// stream wrapper with s3fs stream, include the following in settings.php:
$settings['s3fs.use_s3_for_public'] = TRUE;

PLEASE NOTE: If you intend to use Drupal's performance options which aggregate your CSS or Javascript files, or will be using any other system that writes CSS or Javascript files into your site's public:// file system, you must perform some additional configuration to make those files work correctly when stored in S3. Please see the section titled "Aggregated CSS and JS in S3" in the README for details.

Custom CSS/JS Asset Host.

Use a custom host for assets links inside CSS/JS files.

Custom CSS/JS Host Settings

Hostname

Custom hostname, e.g. "objects.example.com" without http(s) protocol.

Twig compiled storage folder

PLEASE NOTE: If you intend use s3fs for public:// you should change your php twig storage folder to a local directory, php twig files in S3 produce latency and security issues (these files would be public). Please change the php_storage settings in your setting.php and choose a directory, out of docroot recommended. Example:
$settings['php_storage']['twig']['directory'] = '../storage/php';

Upload all files as private in S3

Enable this option to store all files as private files in S3. To enable this feature include the following in settings.php:
$settings['s3fs.upload_as_private'] = TRUE;

Use S3 for private:// files

Enable this option to store all files which would be uploaded to or created in the private:// file system (files available only to authneticated users) within your S3 bucket instead. To replace private:// stream wrapper with s3fs stream, include the following in settings.php:
$settings['s3fs.use_s3_for_private'] = TRUE;

Root Folder

S3 File System uses the specified folder as the root of the file system within your bucket (if blank, the bucket root is used). This is helpful when your bucket is used by multiple sites, or has additional data in it which s3fs should not interfere with.
The metadata refresh function will not retrieve metadata for any files which are outside the Root Folder.
This setting is case sensitive. Do not include leading or trailing slashes.
Changing this setting will not move any files. If you've already uploaded files to S3 through S3 File System, you will need to manually move them into this folder.

Additional Folder Settings

Public Folder

The name of the folder in your bucket (or within the root folder) where public:// files will be stored.

Private Folder

The name of the folder in your bucket (or within the root folder) where private:// files will be stored.

Like the root folder, changing these settings will not move any files. If you've already uploaded files to S3 through S3 File System, you will need to manually move them into the corresponding folders.

File-specific Settings

Presigned URLs

A list of timeouts and paths that should be delivered through a presigned url.
Enter one value per line, in the format timeout|path. e.g. "60|private_files/*". Paths use regex patterns as per preg_match. If no timeout is provided, it defaults to 60 seconds.

Force Save As

A list of paths for which users will be forced to save the file, rather than displaying it in the browser.
Enter one value per line. e.g. "video/*". Paths use regex patterns as per preg_match.

Torrents

A list of paths that should be delivered via BitTorrent.
Enter one value per line, e.g. "big_files/*". Paths use regex patterns as per preg_match.
Private files and paths which are already set as Presigned URLs or Forced Save As cannot be delivered as torrents.