S3
 Feature: AWS S3
 Feature: AWS S3
 Editions: Cloud, Corporate, Store
 Editions: Cloud, Corporate, Store
This topic is for reference purposes only. Use AWS provisioning to automatically create these resources for each organization.
Kensium POS uses AWS S3 to store media gallery images and other files – such as sync files – in the cloud. While media can be stored locally, media files should be stored in S3 because it can take advantage of Amazon’s backup systems, and also reduce load on the POS server.
The provisioning process automatically creates the S3 bucket:
- By convention, the bucket name follows the format fusion-rms-orgid.
- An example is fusion-rms-xmsqa1.
- Bucket names must be unique across AWS, so there is a chance that the name is already in use. The provisioning process can supply an alternative bucket name if that is the case.
 
- An OrgId tag is added to specify the client ID, which is useful for AWS billing reports.
- Block all public access is disabled, as the bucket will be used to serve things like images to public users.
- Public access is limited by policy, instead.
 
- A /pub folder is created.
- This will store all files that are managed by Kensium POS’s media gallery.
- These files are readable to anonymous (public) web and mobile users.
 
- A permissions policy is applied to the bucket to:
- Grant read access to the public for the pub folder.
- Grant get, put, and delete access for the bucket and its files to the client’s IAM user.
- Grant list access to the bucket content for the client’s IAM user.
- A policy example is:
 
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::fusion-rms-xmsqa1/pub/*"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::935799716578:user/rms_xmsqa1"
            },
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": "arn:aws:s3:::fusion-rms-xmsqa1/*"
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::935799716578:user/rms_xmsqa1"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::fusion-rms-xmsqa1"
        }
    ]
}
