[[TOC()]] = [wiki:help/en Cyberduck Help] / [wiki:help/en/howto Howto] / Amazon S3 Support = Transfer files to your [http://aws.amazon.com/s3 S3] account and browse the S3 buckets and files in a hierarchical way as you are used to with other remote file systems supported by Cyberduck. For a short overview of Amazon S3, refer to the Wikipedia [http://en.wikipedia.org/wiki/Amazon_S3 article]. === Connecting to Amazon S3 === You must obtain the login credentials (''Access Key ID'' and ''Secret Access Key'') of your Amazon Web Services [http://aws.amazon.com/account/ Account] from the ''AWS Access Identifiers'' [http://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=access-key page]. In the login prompt of Cyberduck upon connecting to S3 you enter the ''Access Key ID'' for the username and ''Secret Access Key'' for the password. === Buckets === To create a new [http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?UsingBucket.html bucket] for your account, browse to the root and choose ''File → New Folder...''. You can choose the bucket location in ''Preferences → S3''. Note that Amazon has a different pricing scheme for different locations. Supported locations are: * EU (Ireland) * US Standard * US-West (Northern California) '''Important''': Because the bucket name must be globally unique the operation might fail if the name is already taken by someone else (E.g. don't assume any common name like ''media'' or ''images'' will be available). === Folders === Creating a folder inside a bucket will create a placeholder object named after the directory, has no data content and the mimetype `application/x-directory`. === Access Control === Amazon S3 uses Access Control List (ACL) settings to control who may access or modify items stored in S3. By default, all buckets and objects created in S3 are accessible only to the account owner. You must give ''Other'' read permissions for your objects in ''File → Info → Permissions'' to make them accessible using a regular web browser for everyone. === CloudFront Distribution === You can enable cloud front distribution using ''File → Info → Distribution''. You must [http://aws.amazon.com/cloudfront/ signup] for Amazon CloudFront first. Make sure your objects in the bucket you want to enable distribution for are world readable (in File → Info → Permissions ''Other'' must have the ''Read'' checkbox toggled on). See also [http://sudo.ch/2008/12/01/amazon-cloudfront/ this blog entry]. * Multiple CNAMEs for CloudFront distribution Using ''File → Info → Distribution'' you can enter multiple CNAMEs for your bucket distribution. The hostnames must be space delimited. === Signed URLs === Use ''File → Info'' to copy the signed public URL from the S3 section. Hovering the URL will display the expiry date. * Choose the lifetime for publicly available auto-expiring signed URL using the hidden option {{{s3.url.expire.seconds}}}. {{{ defaults write ch.sudo.cyberduck s3.url.expire.seconds 86400 }}} === Cache Control Setting === This option lets you control how long a client accessing objects from your S3 bucket will cache the content and thus lowering the number of access to your S3 storage. In conjunction with Amazon CloudFront, it controls the time an object stays in an edge location until it expires. After the object expires, CloudFront must go back to the origin server the next time that edge location needs to serve that object. By default, all objects automatically expire after 24 hours when no custom `Cache-Control` header is set. The default setting to choose from in the ''File → Info'' panel in Cyberduck is `Cache-Control: public,max-age=2052000` which translates to a cache expiration of one month (one month in seconds equals more or less `60*60*24*30`). * Use the hidden configuration option `s3.cache.seconds` to set a custom default value {{{ defaults write ch.sudo.cyberduck s3.cache.seconds 2052000 }}} * [http://docs.amazonwebservices.com/AmazonCloudFront/latest/GettingStartedGuide/index.html?NextSteps.html Amazon CloudFront and Your Live System]. * Read more about [http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?Expiration.html Amazon CloudFront Object Expiration]. === Bucket Access Logging === When this option is enabled in the 'File → 'Info'' panel of a bucket or any file within, available log records for this bucket are periodically aggregated into log files and delivered to `/logs`. Citing the Amazon S3 [http://docs.amazonwebservices.com/AmazonS3/2006-03-01/index.html?LoggingHowTo.html documentation]: ''An Amazon S3 bucket can be configured to create access log records for the requests made against it. An access log record contains details about the request such as the request type, the resource with which the request worked, and the time and date that the request was processed. Server access logs are useful for many applications, because they give bucket owners insight into the nature of requests made by clients not under their control. 'There is no extra charge for enabling the server access logging feature on an Amazon S3 bucket, however any log files the system delivers to you will accrue the usual charges for storage (you can delete the log files at any time). No data transfer charges will be assessed for log file delivery, but access to the delivered log files is charged for data transfer in the usual way.'' === CloudFront Access Logging === When this option is enabled in the ''File → Info'' panel of a bucket or any file within, the access logs of the enabled distribution are written to `/logs`. The changes to your distribution's logging configuration take effect within 12 hours. Citing the Amazon CloudFront [http://docs.amazonwebservices.com/AmazonCloudFront/2009-04-02/DeveloperGuide/index.html?AccessLogs.html documentation]: ''Access logs are activity records that show you details about every request delivered through Amazon CloudFront. They contain a comprehensive set of information about requests for your content, including the object requested, the date and time of the request, the edge location serving the request, the client IP address, the referrer and the user agent. Access logging is an optional feature of CloudFront. There is no extra charge for enabling access logging. However, you accrue the usual Amazon S3 charges for storing and accessing the files (you can delete them at any time). With CloudFront logging (unlike with Amazon S3 server access logging), you also accrue Amazon S3 data transfer charges for each log file that CloudFront writes to your bucket. '' === BitTorrent Distribution === Use ''File → Info'' to copy the BitTorrent URL to your content from the S3 section.