# AWS S3

UI Bakery allows you to easily connect to your Amazon S3 bucket with no need for additional layers like APIs or third-party services.

## Configuration

### Prerequisites

There are certain steps you need to take first before connecting your AWS S3 datasource to UI Bakery:

* [Create an S3 bucket](#creating-an-s3-bucket)
* [Allow CORS for S3 file upload](#allowing-cors-for-s3-file-upload)
* [Create IAM user](#creating-iam-user)
* [Generate Access key ID and Secret access key ID](#generating-access-key-id-and-secret-access-key-id)

#### Creating an S3 bucket

Log in to your AWS console, go to the S3 page, and click **Create bucket**. Here, specify bucket name, select a region, and set bucket permissions.

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2FtP9qCv15vU1yk0dwQdeE%2Fspaces_UX6zPRMFFK0yrTghj7cY_uploads_git-blob-8dd561502034f692c0402fd4e775e7c7a95a42b1_image%20(46)-min.png?alt=media&#x26;token=311da4e3-07fd-46bb-b4af-54ab1044e6c0" alt=""><figcaption></figcaption></figure>

#### Allowing CORS for S3 file upload

If you are planning to use the [S3 file uploader](https://docs.uibakery.io/reference/working-with-components/aws-s3-uploader) component in UI Bakery, you need to set up **CORS policies** for your bucket.

To do so, navigate to your *Bucket Settings > Permissions*, then scroll to the *Cross-origin resource sharing (CORS)* section. For the **cloud** version of UI Bakery, add the following JSON:

```json
[
  {
    "AllowedOrigins": ["https://*.uibakery.io"],
    "AllowedMethods": ["PUT", "POST", "DELETE"],
    "AllowedHeaders": ["*"]
  },
  {
    "AllowedOrigins": ["*"],
    "AllowedMethods": ["GET"]
  }
]
```

{% hint style="warning" %}
If you're using a *self-hosted* or *managed* version of UI Bakery on a custom domain, you need to use the domain where you run your UI Bakery platform in the `AllowedOrigins` section. Usually, it equals the value of the `UI_BAKERY_APP_SERVER_NAME` environment variable.
{% endhint %}

#### Creating IAM user

After you have set up your bucket, you need to create an IAM user that will be used to access your S3 data.

On the S3 page, navigate to *Identity and Access Management* (*IAM) > Users*, and click **Add Users**. After entering user name, you will be prompted to set up the **permissions** of your IAM user.\
In **Permission options**, select *Attach policies directly* and in **Permissions policies**, select *AmazonS3FullAccess*.

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2Fx23kh6GlhEwC1DEAzZ3m%2Fspaces_UX6zPRMFFK0yrTghj7cY_uploads_git-blob-c3cd913026f85c8358d320bf6bb388468fa9d5a4_image%20(113)-min%20(1).png?alt=media&#x26;token=f81c5ddb-f3e1-49ae-846c-ef48db4e42cd" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
When running UI Bakery in the *Production* environment, we strongly recommend limiting IAM user's access to the exact bucket that user is allowed to access. In this case, you can use the **Amazon Resource Name (ARN)** of the bucket you created in a custom policy. \
Refer to [AWS documentation](https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/) for instructions on writing IAM policies.
{% endhint %}

#### Generating Access key Id and Secret access key ID

Once you created your IAM user, the next step is to create access keys that could be used by UI Bakery. \
In IAM user's settings, click on **Security credentials**, scroll down to the *Access keys* section, and click **Create access key**. For the access key type, select **Third-party service**.

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2FZ7ZQLS9PJlEnhJNm60AF%2Fspaces_UX6zPRMFFK0yrTghj7cY_uploads_git-blob-9231bc8684afbab951438ce281e2f5aee87ee969_image%20(21)-min.png?alt=media&#x26;token=405883e0-d5cb-4231-9042-ccd0fdad55f5" alt=""><figcaption></figcaption></figure>

Copy the created *Access key ID* and *Secret access key ID* and save them for later.

### Connecting the data source

After you've completed all the steps above, you can now proceed to connecting your AWS S3 data source. Follow the instruction below:point\_down:

1. On the **Data sources** page, click **Connect**, and select *AWS S3* in the Data sources list.
2. Enter the data source name and specify all other connection settings:
   1. Paste the **Access key ID** and **Secret access key ID** you've created before.
   2. If you're using <kbd>AssumeRole</kbd>, specify it in the **Role to assume (ARN)** field.

{% hint style="info" %}
You can also specify the *Default S3 bucket* name - this value can be overridden in an action or in the S3  file uploader component.
{% endhint %}

3. Click **Test connection** to check whether the data source can be connected, and then click **Connect Datasource**.

<figure><img src="https://837703843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUX6zPRMFFK0yrTghj7cY%2Fuploads%2Frqal4fKWLEcXr0lGPWye%2FCleanShot%202025-04-07%20at%2017.38.03%402x-min.png?alt=media&#x26;token=928a9415-da58-4323-a3dc-9ddaea433026" alt=""><figcaption></figcaption></figure>

Check out the following page for more S3-related information:point\_down:

{% content-ref url="amazon-s3/s3-compatible-endpoints-digitaloceans-spaces" %}
[s3-compatible-endpoints-digitaloceans-spaces](https://docs.uibakery.io/reference/data-sources/amazon-s3/s3-compatible-endpoints-digitaloceans-spaces)
{% endcontent-ref %}

## Usage

Once you've connected the data source, you can start interacting with its data. For this purpose, you can use the [S3 Query](https://docs.uibakery.io/reference/working-with-actions/s3-query) action step.