Custom storage regions

Customers can now manage their own storage regions in AWS S3 and GCP Cloud Storage. This tutorial will help you properly configure your custom storage region in AWS and GCP.

AWS S3

Step 1 - Bucket creation

Log in to your Amazon Web Services console with your credentials. Once inside, go to the Storage > S3 section and click the orange Create bucket button. Fill out your bucket information (Bucket name and Region).
Then scroll down to the Block Public Access settings for bucket section and select just the following two options:
  • Block public access to buckets and objects granted through new public buckets or access point policies.
  • Block public and cross-account access to buckets and objects through any public bucket or access point policies.
  • I acknowledge that the current settings might result in this bucket and the objects within becoming public.
Scroll down and click the orange Create bucket button.

Step 2 - Credentials configuration

Now we recommend creating a new AWS user and credentials. Go to the AWS IAM > Users section and click the Add user button. Select a user name and choose the Programmatic access option under the access type section.
Click Next and follow steps 2, 3, and 4 without changing anything, keeping the default options, and finish by clicking the Create user button. The user credentials will be displayed; copy them and store them securely. You will have to provide them to our team.

Step 3 - Grant permissions

Now we have to grant some additional permissions to the new user. For this example, we will use an inline AWS policy; as an alternative, you can create a new policy and attach it to the user.

Click on the new user and click Add inline policy under the Permissions tab. Use the {} JSON editor and enter the following AWS Policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:GetBucketLocation",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::mycustom-private-bucket",
                "arn:aws:s3:::mycustom-private-bucket/*"
            ]
        }
    ]
}

Note that you have to replace arn:aws:s3:::mycustom-private-bucket in both Resource entries with the ARN of the bucket you created in the previous step.
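
A check you can run on the Step 3 policy before attaching it and handing the credentials over, as an added example (not Applivery's code): it confirms the policy grants only the five actions listed above and only on your bucket and its objects, and flags the placeholder ARN left unedited. The function name audit_policy and the bucket name example-builds-bucket are assumptions made for illustration.

```python
import json

# Actions granted by the policy in Step 3 (IAM action names are case-insensitive).
EXPECTED_ACTIONS = {"s3:putobject", "s3:getobject", "s3:deleteobject",
                    "s3:getbucketlocation", "s3:putobjectacl"}
PLACEHOLDER = "mycustom-private-bucket"  # bucket name used in the page's policy

def as_list(value):
    """IAM accepts either one value or a list for these fields."""
    return value if isinstance(value, list) else [] if value is None else [value]

def audit_policy(policy_json, bucket):
    """Return a list of findings for a policy meant to cover only `bucket`."""
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings, seen = [], set()
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource grants everything not listed")
        for action in as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append(f"statement {i}: wildcard action {action}")
            elif action.lower() not in EXPECTED_ACTIONS:
                findings.append(f"statement {i}: action not in the page's policy: {action}")
        for resource in as_list(stmt.get("Resource")):
            seen.add(resource)
            if bucket != PLACEHOLDER and PLACEHOLDER in resource:
                findings.append(f"statement {i}: placeholder ARN not substituted: {resource}")
            elif resource not in wanted:
                findings.append(f"statement {i}: resource outside the bucket: {resource}")
    # The bucket ARN covers GetBucketLocation; the /* ARN covers the object actions.
    for arn in sorted(wanted - seen):
        findings.append(f"missing resource {arn}")
    return findings

# Constructed sample input: the page's policy with a made-up bucket name.
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject",
               "s3:GetBucketLocation", "s3:PutObjectAcl"],
    "Resource": ["arn:aws:s3:::example-builds-bucket",
                 "arn:aws:s3:::example-builds-bucket/*"]}]})
# Constructed sample input: the same policy pasted without editing the ARNs.
UNEDITED = SCOPED.replace("example-builds-bucket", PLACEHOLDER)

if __name__ == "__main__":
    for name, doc in (("scoped", SCOPED), ("unedited", UNEDITED)):
        print(name, audit_policy(doc, "example-builds-bucket") or "OK")
```

An empty result means the policy matches the scope described in Step 3; any finding should be resolved before the access key is shared.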

Step 4 - Select your new Storage Region

Once created, a new record will be added to the list, easily identifiable as it will be displayed as a You or Managed by title. You can configure your Custom Storage Region at Workspace or App levels:
  • Workspace: The configuration will be applied to the entire workspace. It will apply to all apps except those that already have a Custom Storage Region configured. To do so, just click Select on this screen to enable it at the entire workspace level.
  • App: The configuration will be applied just to this App, regardless of the workspace configuration. To do so, go to your App Settings > Advanced and select the Storage provider you’d like.

GCP Cloud Storage

Step 1 - Create a service account

Log in to your Google Cloud console with your credentials. Once inside, go to the IAM > Service Accounts section and click the Create service account button.

Fill out Step 1 with your service account information. You can safely skip Steps 2 and 3 for now. Then click Done.

Once the service account has been created, click the CREATE KEY button.

Now, navigate to Cloud Storage, from the GCP products menu, and click Settings > Interoperability. Then scroll down to Service account HMAC and click +CREATE A KEY FOR ANOTHER SERVICE ACCOUNT.

Use the filtering options to find the Service Account that you generated in the previous step. Select it and then click CREATE KEY.

A new Access key and Secret pair will be generated. Save these values for later.

Step 2 - Create a Cloud Storage bucket

Now navigate to Cloud Storage, from the products menu and click Create bucket. Fill out the bucket name and click CONTINUE.

Choose where to store your data, from the available regions. You can choose regional storage, dual storage and multi-region storage.

Next, choose the storage class. We recommend the “autoclass” option provided by GCP, which automatically transitions each object to Standard or Nearline class based on object-level activity, to optimise for cost and latency. It is recommended if usage frequency may be unpredictable.

Set the access control policy to “Fine-grained”, as Applivery will define individual access policies for each object.

Under data protection, we recommend choosing “Soft-delete policy” and then “Use default retention duration”. Then click the CREATE button to finish.

Step 3 - Update bucket permissions

Now go to Buckets, select the bucket recently created and click PERMISSIONS. Click +GRANT ACCESS.

In the side panel, search the service account under “New principals” and assign the “Storage Object User” role. Then click SAVE.

Configure your Custom Storage Region in Applivery

Now that the AWS S3 or GCP Cloud Storage configuration is done, you will have to go to your Workspace Settings > Storage section and click the + Create storage provider button.

Complete the form with the information you generated in the previous steps. Then click the Save button.

Enabling storage buckets

You can switch between storage regions by just clicking the Select button beside every storage region.

Testing new configurations

You can use the bug icon located on each Storage region to test the proper configuration of the bucket. Applivery will run a series of tests that will confirm whether the bucket has been properly configured.

A successful test will look like this:

Disabling a Custom Storage Region

You can disable a Custom Storage Region by clicking the Select button of the default storage region (Ireland).

Removing a Custom Storage Region

You can permanently remove a Custom Storage Region by clicking the pencil button (1) beside it and then the Delete (2) button at the bottom of the modal view. The Storage Region will be permanently removed from the system.
Updated on October 11, 2024