Configure AWS S3 Bucket-Based Network Folders
The ability to mount an existing AWS S3 bucket as a Network Folder is available in FileCloud Server version 13 and later.
The ability to move a file in an Amazon S3 bucket-based network share to the recycle bin and restore it is available in FileCloud Server version 18.2 and later.
After you attach an AWS S3 bucket to a FileCloud Server Network Folder, you can update any of the original settings.
To edit an AWS S3 bucket-based Network Folder:
- Open a browser and log in to the Admin Portal.
- In the left navigation panel, select Network Folders.
- On the Manage Network Folders window, click the AWS S3 bucket-based network folder, and then click the edit icon ( ).
- On the S3 Network Folder Details window, set any of the following options:
|S3 Key||S3 access key|
|S3 Secret||S3 secret access key|
|Network Folder Name||Display name of network folder|
|Bucket Name||Name of bucket attached to network folder|
After September 2020, new AWS bucket names with a "." in them are invalid. However, bucket names with a "." in them created in September 2020 or earlier are still supported.
To allow S3 buckets created after September 2020 to have a "." in the bucket name, include the flag TONIDOCLOUD_S3_USE_PATH_STYLE_ENDPOINT in the file amazons3storageconfig.php and set it to 1.
|S3 Region||The geographical AWS region where the bucket is created.|
|End Point||Route target of the S3 service|
|Prefix||A prefix to add to the network share paths to create different paths within buckets|
|S3 Encryption Setting|
When this option is set the files in the S3 network share are not encrypted.
Amazon S3-Managed Key encryption
When this option is set the files are encrypted. Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) employs strong multi-factor encryption.
Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates.
Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.
Amazon KMS-Managed Key Encryption
When this option is set the files are encrypted using AWS KMS key. AWS KMS uses customer master keys (CMKs) to encrypt your Amazon S3 network
share. You use AWS KMS via the Encryption Keys section in the IAM console or via AWS KMS APIs to centrally create encryption keys, define the policies that control how keys can be used,
and audit key usage to prove they are being used correctly.
Note: Unlike s3 managed storage encryption, enabling encryption in network share will only encrypt only newly added files and will not encrypt existing files.
|Disable Offline Sync||Enabling this option will prevent this network share from being available for sync via FileCloud sync client|
Sharing the content of the network share can be disabled or enabled using this option
Allow Remote Deletion of Files
via Offline Sync
|Enabling this function will allow deleting files in the S3 Bucket if the files are deleted in the synced client. By default deletes are not propagated to S3 bucket when deleted via Sync client.|