Configure AWS S3 Bucket-Based Network Folders

The ability to mount an existing AWS S3 bucket as a Network Folder is available in FileCloud Server version 13 and later.

The ability to move a file in an Amazon S3 bucket-based network share to the recycle bin and restore it is available in FileCloud Server version 18.2 and later.

After you attach an AWS S3 bucket to a FileCloud Server Network Folder, you can update any of the original settings.

 To edit an AWS S3 bucket-based Network Folder:

  1. Open a browser and log in to the Admin Portal.
  2. In the left navigation panel, select Network Folders.
  3. On the Manage Network Folders window, click the AWS S3 bucket-based network folder, and then click the edit icon ().
  4. On the S3 Network Folder Details window, set any of the following options:
S3 KeyS3 access key 
S3 SecretS3 secret access key
Network Folder NameDisplay name of network folder
Bucket NameName of bucket attached to network folder

After September 2020, new AWS bucket names with a "." in them are invalid. However, bucket names with a "." in them created in September 2020 or earlier are still supported.
To allow S3 buckets created after September 2020 to have a "." in the bucket name, include the flag TONIDOCLOUD_S3_USE_PATH_STYLE_ENDPOINT in the file amazons3storageconfig.php and set it to 1.
S3 RegionThe geographical AWS region where the bucket is created.
End PointRoute target of the S3 service
PrefixA prefix to add to the network share paths to create different paths within buckets
S3 Encryption Setting

No Encryption    

When this option is set the files in the S3 network share are not encrypted.

Amazon S3-Managed Key encryption

When this option is set the files are encrypted. Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) employs strong multi-factor encryption.

Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates.      

Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.


Amazon KMS-Managed Key Encryption  

When this option is set the files are encrypted using AWS KMS key. AWS KMS uses customer master keys (CMKs) to encrypt your Amazon S3 network

share. You use AWS KMS via the Encryption Keys section in the IAM console or via AWS KMS APIs to centrally create encryption keys, define the policies that control how keys can be used,

and audit key usage to prove they are being used correctly.

Note: Unlike s3 managed storage encryption, enabling encryption in network share will only encrypt only newly added files and will not encrypt existing files.

Disable Offline SyncEnabling this option will prevent this network share from being available for sync via FileCloud sync client

Sharing the content of the network share can be disabled or enabled using this option

Allow Remote Deletion of Files

via Offline Sync

Enabling this function will allow deleting files in the S3 Bucket if the files are deleted in the synced client. By default deletes are not propagated to S3 bucket when deleted via Sync client.