diff --git a/web/create.tmpl b/web/create.tmpl index 78f9e3e..7f0c80b 100644 --- a/web/create.tmpl +++ b/web/create.tmpl @@ -86,7 +86,7 @@ placeholder="">
- Your keys will be stored in the database until the dropbox link expires. + Your keys will be stored in the database until the dropbox link expires. See creating credentials for more information.
@@ -113,7 +113,7 @@ value="">- Specify a canned ACL. Otherwise, object access permissions will follow bucket defaults. + Specify a canned ACL. Otherwise, object access permissions will follow bucket defaults, usually private unless public access is configured.
Before you can create a dropbox, you need an S3-compatible bucket and credentials for that bucket. Any service that implements S3-compatible multipart uploads are supported by this tool:
+Create a bucket for use with this tool. For security, avoid sharing a bucket with another system. On platforms protected by CORS like AWS, configure CORS to allow requests from this tool:
++[ + { + "AllowedHeaders": [ + "*" + ], + "AllowedMethods": [ + "GET", + "PUT", + "POST", + "DELETE" + ], + "AllowedOrigins": [ + "http://UPL_HOSTNAME", + "https://UPL_HOSTNAME" + ], + "ExposeHeaders": [ + "ETag" + ] + } +] ++
Additionally, consider setting up a lifecycle policy to automatically abort incomplete multipart uploads. +
Create an access and secret key pair for use with this tool. Follow your platform configuration for more information. On AWS, this can be done by creating a user in IAM. The access key must have the following capabilities:
++{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:PutObject", + "s3:AbortMultipartUpload", + "s3:ListMultipartUploadParts" + ], + "Resource": "arn:aws:s3:::BUCKET_NAME/*" + } + ] +} ++
You can optionally allow users to access the uploaded files. This can be done by attaching the following bucket policy:
++{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "PublicRead", + "Effect": "Allow", + "Principal": "*", + "Action": "s3:GetObject", + "Resource": "arn:aws:s3:::BUCKET_NAME/*" + } + ] +} ++
Work in progress...
+
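Review bot: In the CORS example, AllowedOrigins lists "http://UPL_HOSTNAME" alongside the https origin, so a copy of the tool served over plaintext HTTP, which can be modified in transit, is allowed to send PUT, POST and DELETE requests to the bucket. Suggest documenting only "https://UPL_HOSTNAME" as the default and describing the http origin as something to add only for deployments without TLS. It would also help to say that UPL_HOSTNAME is a placeholder for the tool's own hostname, and to narrow "AllowedHeaders": ["*"] if the set of headers the uploader sends is known.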
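Review bot: The lifecycle sentence ("consider setting up a lifecycle policy to automatically abort incomplete multipart uploads") is the only bucket-setup step without an example, although the CORS rule and both policies get one. Parts of an abandoned multipart upload stay stored in the bucket until the upload is aborted, and nothing in the documented setup aborts them if the browser session ends first. Suggest giving a concrete rule or a link to the platform documentation, and presenting it as a recommended step rather than an afterthought.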
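Review bot: The access-key policy grants only s3:PutObject, s3:AbortMultipartUpload and s3:ListMultipartUploadParts, while create.tmpl offers a "Specify a canned ACL" field; on AWS, sending a canned ACL with an upload also requires s3:PutObjectAcl, so a dropbox created with an ACL would be denied under this policy. Either state that s3:PutObjectAcl must be added when a canned ACL is used, or say the ACL field has to stay empty with the policy as shown. Because create.tmpl states the keys "will be stored in the database until the dropbox link expires", the section should also recommend a dedicated IAM user that has only this policy attached, and deleting or rotating the key once the link has expired. BUCKET_NAME should be called out as a placeholder.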
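Review bot: The "PublicRead" bucket policy is introduced as letting "users" access the uploaded files, but "Principal": "*" with s3:GetObject on "arn:aws:s3:::BUCKET_NAME/*" makes every object in the bucket readable, without authentication, by anyone who has the object URL. The text should say that plainly and note that it applies to everything uploaded through any dropbox link for that bucket, not to a single dropbox. The new create.tmpl wording "usually private unless public access is configured" could link to this paragraph so the two statements about object visibility agree.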