
AWS S3 Setup

Step-by-step guide to creating an AWS S3 bucket and IAM credentials for BAP storage.


This guide walks through setting up AWS S3 storage for BAP, including creating an S3 bucket and an IAM user with proper permissions.

Prerequisites

  • An AWS account
  • AWS Management Console access

Part 1: Create an S3 Bucket

Step 1: Navigate to S3

  1. Log in to the AWS Console
  2. Search for "S3" in the services bar
  3. Click "S3" to open the S3 dashboard

Step 2: Create Bucket

  1. Click "Create bucket"
  2. Configure the bucket:

| Setting | Value | Notes |
|---|---|---|
| Bucket name | bap-wills-[your-name] | Must be globally unique |
| Region | Choose your region | Note this for later |
| ACLs enabled | Disabled (recommended) | Uses bucket policies |
| Block Public Access | Checked | Keep public access blocked |
| Bucket Versioning | Enabled (optional) | For backup retention |
| Tags | Optional | Add cost tracking tags |

  3. Click "Create bucket"

Step 3: Configure Bucket Settings

  1. Click on your new bucket name
  2. Go to the "Permissions" tab
  3. Under "Bucket policy", add this policy to allow your IAM user access:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowIAMUserAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT_ID:user/bap-user"
      },
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bap-wills-YOUR_NAME",
        "arn:aws:s3:::bap-wills-YOUR_NAME/*"
      ]
    }
  ]
}

Replace ACCOUNT_ID with your AWS account ID and bap-wills-YOUR_NAME with your bucket name.

Part 2: Create IAM User

Step 1: Navigate to IAM

  1. Search for "IAM" in AWS services
  2. Click "IAM" → "Users"
  3. Click "Add users"

Step 2: Create User

  1. Enter a username: bap-user
  2. Select "Access key - Programmatic access"
  3. Click "Next: Permissions"

Step 3: Attach Permissions

  1. Click "Attach policies directly"
  2. Click "Create policy" (opens new tab)
  3. Switch to the "JSON" tab
  4. Paste this policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bap-wills-YOUR_NAME",
        "arn:aws:s3:::bap-wills-YOUR_NAME/*"
      ]
    }
  ]
}
  5. Click "Next: Tags" → "Next: Review"
  6. Name the policy: BAP-S3-Access
  7. Click "Create policy"

Step 4: Complete User Creation

  1. Go back to the IAM user creation tab
  2. Click the refresh icon
  3. Search for and select BAP-S3-Access
  4. Click "Next: Tags" → "Next: Review"
  5. Click "Create user"

Step 5: Save Credentials

Important: This is the ONLY time you'll see the secret access key.

  1. On the success screen, you'll see:
    • Access key ID (e.g., AKIAIOSFODNN7EXAMPLE)
    • Secret access key (e.g., wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)
  2. Copy and save both values immediately
  3. Click "Done"

Part 3: Get Required Values

You'll need these values for BAP configuration:

| Value | Where to Find |
|---|---|
| Access Key ID | IAM → Users → bap-user → Security credentials |
| Secret Access Key | Shown only at user creation time |
| Bucket Name | S3 → Bucket name you created |
| Region | When creating bucket (e.g., us-east-1) |

Part 4: S3-Compatible Storage

For S3-compatible providers (DigitalOcean Spaces, MinIO, Wasabi, etc.), use:

| Provider | Endpoint Example |
|---|---|
| DigitalOcean Spaces | https://nyc3.digitaloceanspaces.com |
| Wasabi | https://s3.wasabisys.com |
| MinIO | https://your-minio-server:9000 |

DigitalOcean Spaces Example

{
  "type": "s3",
  "access_key_id": "DOEXAMPLEACCESSKEY",
  "secret_access_key": "your-secret-key",
  "bucket": "bap-wills",
  "region": "nyc3",
  "endpoint": "https://nyc3.digitaloceanspaces.com",
  "path_style": true
}

Troubleshooting

"The bucket you are attempting to access must be addressed using the specified endpoint"

  • Check your region matches where the bucket was created
  • For S3-compatible providers, use the endpoint parameter

"Access Denied" error

  • Verify IAM user has the correct policy attached
  • Check bucket policy allows the IAM user
  • Ensure bucket is in the same region as your IAM user

"Invalid access key" error

  • Double-check the Access Key ID is correct
  • Verify the Secret Access Key matches exactly

Credentials not working

  • IAM users can have permissions changed — verify policy is attached
  • Check the IAM user isn't disabled

Security Best Practices

  1. Use IAM user, not root — Don't use root AWS credentials
  2. Least privilege — Only grant S3 permissions needed
  3. Rotate keys — Create new keys and delete the old ones periodically
  4. Enable versioning — For backup/restore capability
  5. Use server-side encryption — S3 has built-in encryption (optional)
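
One way to check the policies from Part 1 and Part 2 against the least-privilege practice above, as an added example (not BAP's own code): the script flags actions, resources or principals beyond what the guide grants, and template placeholders that were never replaced. The account ID 111122223333 and the bucket name bap-wills-example are constructed sample values.

```python
import json

# The four actions granted by the policies in this guide (IAM action names are case-insensitive).
ALLOWED_ACTIONS = {"s3:putobject", "s3:getobject", "s3:deleteobject", "s3:listbucket"}
PLACEHOLDERS = ("ACCOUNT_ID", "YOUR_NAME")  # template markers used in the guide


def as_list(value):
    """IAM accepts a bare string (or single statement object) wherever it accepts a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy_json, bucket):
    """Return findings for a policy; an empty list means it stays within `bucket`."""
    findings = [f"placeholder {p} not replaced" for p in PLACEHOLDERS if p in policy_json]
    scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        for key in ("NotAction", "NotResource", "NotPrincipal"):
            if key in stmt:
                findings.append(f"statement {i}: {key} grants by exclusion")
        for action in as_list(stmt.get("Action")):
            if action.lower() not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: action {action} is outside the guide's set")
        for resource in as_list(stmt.get("Resource")):
            if resource not in scope:
                findings.append(f"statement {i}: resource {resource} is outside the bucket")
        principal = stmt.get("Principal")  # present in bucket policies only
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in as_list(aws):
            findings.append(f"statement {i}: principal is open to any caller")
    return findings


# Constructed sample: the guide's bucket policy with a made-up account ID and bucket name.
GOOD = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowIAMUserAccess", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:user/bap-user"},
    "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::bap-wills-example", "arn:aws:s3:::bap-wills-example/*"],
}]})
# Constructed sample of an over-broad policy for comparison.
BROAD = json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "*"}]})

if __name__ == "__main__":
    print(audit_policy(GOOD, "bap-wills-example"), audit_policy(BROAD, "bap-wills-example"))
```

Run it on each policy before pasting it into the console; any finding means the policy grants more than the four actions on the one bucket.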

Next Steps

  • Return to Connecting Storage to complete the setup
  • Add your Access Key ID, Secret Access Key, Bucket Name, and Region in the BAP dashboard
