Configure AWS S3 Bucket-Based Network Folders

After you attach an AWS S3 bucket to a FileCloud Server Network Folder, you can update any of the original settings.

 To edit an AWS S3 bucket-based Network Folder:

  1. Open a browser and log in to the admin portal.
  2. In the left navigation panel, select Network Folders.
  3. On the Manage Network Folders window, click the AWS S3 bucket-based network folder, and then click the edit icon ().
  4. On the S3 Network Folder Details window, set any of the following options:
S3 KeyS3 access key 
S3 SecretS3 secret access key
Use IAM roleWhen checked, the S3 Key and S3 Secret fields disappear and the IAM role is used to connect to the S3 bucket.
Network Folder NameDisplay name of network folder
Bucket NameName of bucket attached to network folder

After September 2020, new AWS bucket names with a "." in them are invalid. However, bucket names with a "." in them created in September 2020 or earlier are still supported.
To allow S3 buckets created after September 2020 to have a "." in the bucket name, include the flag TONIDOCLOUD_S3_USE_PATH_STYLE_ENDPOINT in the file amazons3storageconfig.php and set it to 1.
End Point(Optional) AWS S3 endpoint URL. Leave empty if using Amazon's S3 service; the region string automatically selects the correct endpoint. This value cannot be changed once the bucket is created.
S3 RegionThe geographical AWS region where the bucket is created.
PrefixA prefix to add to the network share paths to create different paths within buckets
S3 Encryption Setting

No Encryption    

When this option is set the files in the S3 network share are not encrypted.

Amazon S3-Managed Key encryption

When this option is set the files are encrypted. Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) employs strong multi-factor encryption.

Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates.      

Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.


Amazon KMS-Managed Key Encryption  

When this option is set the files are encrypted using AWS KMS key. AWS KMS uses customer master keys (CMKs) to encrypt your Amazon S3 network

share. You use AWS KMS via the Encryption Keys section in the IAM console or via AWS KMS APIs to centrally create encryption keys, define the policies that control how keys can be used,

and audit key usage to prove they are being used correctly.

Note: Unlike S3 managed storage encryption, enabling encryption in Network Shares encrypts only newly added files and does not encrypt existing files.

Disable Offline SyncEnabling this option will prevent this network share from being available for sync via FileCloud sync client
Disable NotificationsDisable some or all S3 Network Folder notifications for users with access to the folders. See Disable notifications for Amazon S3 bucket-based Network Folders, below.

Sharing the content of the network share can be disabled or enabled using this option

Allow Remote Deletion of Files via Offline Sync

Enabling this function will allow deleting files in the S3 Bucket if the files are deleted in the synced client. By default deletes are not propagated to S3 bucket when deleted via Sync client.

Disable notifications for Amazon S3 Network Folders

By default, notifications are enabled for network folders. This means that all users who have access to a network folder and have notifications enabled receive notifications about all actions on the folder. 

However, since multiple users may have access to the same network folder, users may receive notifications about actions that don't interest or don't apply to them.

There are various ways you can limit their access to these notifications. First disable notifications for the folder, and then override the setting only for notifications that you want to permit.

  1. Disable notifications for the folder:
    1. Click Network Folders in the left navigation menu to display the list of network folders
    2. Click the Edit button for the network folder. 
      The Network Folder Details dialog box opens.
    3. Check the Disable Notifications box.
  2. Click Update.
  3. Do one of the following:

    • Leave all notifications about actions in the folder disabled. 
      By default, admins and users can override this setting. An admin can enable notifications about the folder for specific users, or users can enable their own notifications for the folder. 
      If you do not want users to be able to override this setting, you must disable file change notifications in Settings > Misc > Notifications. See Notifications for File Changes for help.

    • Enable notifications about the folder for specific users. 
      This is useful if you want to limit the users who receive notifications about a network folder to those you have shared it with.
      See the various options for setting users' notifications in the section Managing User-Defined Notifications.  

    • Allow users to enable their own notifications about the folder.
      See the options users have for setting their own notifications in the section Notifications.