This service is for Amazon S3 and CloudFront.

No third-party library is required.

AWS will reject operations on S3 or CloudFront if the time reported by your server/computer differs from AWS's time by more than 15 seconds (see #2002236: Add S3 container: "The difference between the request time and the current time is too large").

A container is an S3 bucket and an S3 account. Access key ID and Secret access key must be provided.
Access keys can come from account credentials that have rights to all services, or from credentials that have limited IAM policies attached. Read how to control access credentials.

The bucket may already exist, but if it does, it must be empty and owned by the account associated with the access key ID. Although a pre-existing bucket can be used, the best practice is to allow the module to create the bucket. Many people have issues with pre-existing buckets, and each bucket is unique in its own way, which makes these issues impossible to troubleshoot.

S3 buckets have a global namespace, so it is not possible to get a bucket that someone else is already using. For that reason, this service will never attempt to delete a bucket.

If the 'Serve with CloudFront' option is enabled, then a CloudFront distribution will be attached to the S3 bucket. This takes several minutes in most cases and, depending on the speed of AWS at the moment, could take as much as half an hour to an hour to complete. Storage API will poll CloudFront during cron to determine when the distribution has been deployed (you can force cron to run on your site to get an update). Until the distribution reaches a status of "deployed" on AWS, files will be served directly from S3.

If the 'Stream with CloudFront' option is enabled, then a CloudFront streaming distribution will be attached to the S3 bucket. The information in the previous paragraph on 'Serve with CloudFront' applies here as well.

The geographical location of the bucket can also be selected. The options are:

  • US Standard (default)
  • US West (Northern California)
  • US West (Oregon)
  • EU (Ireland)
  • EU Central (Frankfurt) (Currently blocked by #2379805: Update AWS Provider to use Signing Version 4)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • South America (Sao Paulo)

A container with access control enabled will only serve a file when the URL has been cryptographically signed. This service does this automatically. The URL lifetime setting defines how long the signed URLs remain valid. Be aware that if these URLs are cached anywhere, they may have already expired by the time they are sent out to the client if the lifetime is not sufficiently large.
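
The interaction between URL lifetime and caching, as an added example that is not the module's own code: it assumes the legacy S3 query-string authentication scheme (signature version 2), since the page notes that Signing Version 4 is not yet supported. The credentials, bucket name, object key and function names are constructed for illustration.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote, urlparse, parse_qs

ACCESS_KEY_ID = "AKIAEXAMPLEKEYID0000"                # constructed placeholder
SECRET_KEY = b"constructed-secret-for-illustration"   # constructed placeholder

def _signature(bucket, key, expires):
    # SigV2 StringToSign: verb, Content-MD5, Content-Type, Expires, resource.
    string_to_sign = "GET\n\n\n%d\n/%s/%s" % (expires, bucket, quote(key))
    digest = hmac.new(SECRET_KEY, string_to_sign.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def sign_url(bucket, key, lifetime, now=None):
    """Return a GET URL that stays valid for `lifetime` seconds."""
    now = int(time.time()) if now is None else int(now)
    expires = now + lifetime
    sig = quote(_signature(bucket, key, expires), safe="")
    return ("https://%s.s3.amazonaws.com/%s?AWSAccessKeyId=%s&Expires=%d&Signature=%s"
            % (bucket, quote(key), ACCESS_KEY_ID, expires, sig))

def check_url(url, bucket, key, now=None):
    """Storage-side view of a request: 'ok', 'expired' or 'bad signature'."""
    now = int(time.time()) if now is None else int(now)
    query = parse_qs(urlparse(url).query)
    expires = int(query["Expires"][0])
    # Expires is covered by the HMAC, so a client cannot extend the lifetime.
    expected = _signature(bucket, key, expires)
    if not hmac.compare_digest(query["Signature"][0], expected):
        return "bad signature"
    return "ok" if now <= expires else "expired"

def max_cache_ttl(lifetime, fetch_margin=30):
    """Longest time a page embedding a signed URL may sit in a cache while
    still leaving the client `fetch_margin` seconds to request the file."""
    return max(0, lifetime - fetch_margin)

if __name__ == "__main__":
    issued = 1_000_000                      # constructed timestamp
    url = sign_url("example-bucket", "docs/report.pdf", 3600, now=issued)
    print(url)
    print(check_url(url, "example-bucket", "docs/report.pdf", now=issued + 60))
    # A page cached for two hours hands out a URL that has already expired.
    print(check_url(url, "example-bucket", "docs/report.pdf", now=issued + 7200))
    print("cache pages for at most", max_cache_ttl(3600), "seconds")
```

Any cache that stores rendered pages containing these URLs should use a TTL no larger than `max_cache_ttl(lifetime)`.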

This service supports Storage API's 'can_copy' functionality. This means that files can be copied between S3 containers directly. This is considerably faster than downloading and uploading, and does not incur a charge.