Skip to main content
Skip table of contents

Getting Set Up - AWS and Portal Accounts

Welcome to S-Drive! S-Drive uses Amazon Web Services (AWS) to store files, and an S-Drive portal account to track usage and billing. Let’s get those set up first.

Create an Amazon Web Services Account

To set up an AWS account, go to https://aws.amazon.com/ or directly to https://portal.aws.amazon.com/billing/signup#/start to create an account.

Note: It’s very important to keep track of the login credentials for this account and to make sure they are not lost if the person who created them leaves the organization. They will be needed at times in the future when it may be necessary to update or change your bucket.

You will create a bucket later on when you configure S-Drive. There is no need to create a bucket directly in AWS and we recommend against it.

Access Key and Secret Key

When creating your account, you will be given an Access Key and Secret Key, which you will need later in order to activate S-Drive.

Save your Access Key and Secret Key somewhere secure. You will need these and cannot get them from AWS. You must create new ones if you lose these.

If you need to create keys again, you can go to https://aws.amazon.com/ and go to Security Credentials.

Note: Your access key may be exposed when sharing a link to files or uploading files. The Access Key is akin to a username, while the Secret Key is like a password, so exposing the Access Key is not considered a security risk. It is how AWS works with pre-signed URLs.

See these articles for more information:

Sharing Objects using presigned URLs (AWS)

AWS security credentials (AWS)

Managing access keys for IAM users (AWS)

Is an AWS "Access Key ID" a secret? (Stack Exchange)

Identity and Access Management (IAM) Policies and Minimum Policy Example

IAM policies allow you to control users' access to your S3 bucket. See What is IAM for information.

Minimum Policy Example

This policy is for everyday users of S-Drive who don’t need full permissions. The user that creates and manages the bucket in S-Drive needs full permissions, not the policy shown below.

To apply a limited policy to your restricted user:

(Note: This should be done AFTER you have installed S-Drive and created a bucket. You will need the bucket name to create the policy. )

  1. Sign in to AWS Management Console and click "IAM" from Services menu.

  2. Click "Policies" on the dashboard and then click "Create Policy" button.

  3. Select "Create Your Own Policy" on the screen.

  4. Type name into "Policy Name" area. Copy contents of the below example and paste into "Policy Document" area on AWS Console. Change the sdrivebucket bucket name references in the policy document example to the name of your S-Drive bucket and click "Create Policy". The purpose of this policy is to give proper access to your own Salesforce instance to be able to upload/ download files.

  5. Click "Users" on the dashboard and click on your user name. Then Click "Attach Policy" button on the screen for the user that you use in S-Drive.

CODE
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::sdrivebucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutBucketCORS"
            ],
            "Resource": [
                "arn:aws:s3:::sdrivebucket"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::sdrivebucket"
            ]
        },
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketVersioning",
                "s3:PutBucketVersioning"
             ],
            "Resource": "arn:aws:s3:::sdrivebucket"
        }
    ]
}

Find the policy which you created in #4 and click "Attach Policy" button.

Create an S-Drive Portal Account

In order to use S-Drive, you need to create your own S-Drive Portal account. Once you install S-Drive in your Salesforce org, you will login to this portal acount and connect your org. Your portal can connect multiple orgs--sandboxes and production. In the portal, you will also be able to see your Amazon account, your S-Drive invoices, and payment details. Go https://portal.sdriveapp.com. Register for a free account, or login if you already have an account.

For more information about your Portal account, including how to register a payment method, see payment details, download invoices, connect or reconnect to organizations, change your password or Account information and more, see S-Drive Portal Account

Creating a Bucket

We recommend creating a bucket from within S-Drive. See Installing and Activating S-Drive This will ensure the settings on the bucket are correct.

CORS (cross-origin resource sharing) settings

If you choose to create a bucket directly in S3, make sure it has the following CORS settings, which can be found under the bucket permissions in AWS.

[
{
"AllowedHeaders": [
""
],
"AllowedMethods": [
"GET",
"PUT",
"POST",
"DELETE",
"HEAD"
],
"AllowedOrigins": [
""
],
"ExposeHeaders": []
}
]

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.