Skip to main content
Easy Digital Downloads Documentation
Documentation, Reference Materials, and Tutorials for Easy Digital Downloads

Amazon S3

The Amazon S3 extension for Easy Digital Downloads allows you to host download files in your Amazon S3 account. This is secure and more reliable than storing the files on your own hosting account.

In This Article

Creating an IAM account
IAM access keys
Using Amazon S3 With EDD
Forcing Files to Download
Common Issues and Questions

Creating an IAM account

In order for Easy Digital Downloads to connect to your Amazon S3 account, you will need to create an IAM user and attach a permissions policy to the user. You can click Show User Security Credentials to view the access key and secret key. These are the values you need to enter in your WordPress site at Downloads → Settings → Extensions → Amazon S3.

1. Log into your Amazon S3 account

Log into your Amazon S3 account and navigate to the Users page. This page can be found by clicking on your account name in the top right corner and clicking on Security Credentials > Users (Under Access management on the left side of the page).

2. Setup IAM User

A. Add User

If you have an existing IAM user you wish to use, click on that user. If you need to create a new user, click the blue Create User button and follow the prompts. You now need to obtain security credentials and also attach a permissions policy to the user.

B. Set user details:

User name: Create User name of your choice and click Next.

C. Set permissions

  1. Select “Attach policies directly” box.
  2. Then, in the Filter box, enter “S3full”. That will filter the results down to those that are relevant for Amazon S3.
  3. Check the box for AmazonS3FullAccess.
  4. Ignore “Set permissions boundary – optional” section.
  5. Click Next.
D. Review and create

Confirm your permissions match the instructions above. Otherwise, there is nothing to configure here, click Create user.

3. Get Access Keys

You will need an IAM account using the permissions in the above steps. If you’ve created an IAM account in the past with the AmazonS3FullAccess permissions, you can use the existing account.

A. Click IAM user name created above, listed in your AWS Users page.

B. Click on the Security Credentials tab and click Create Access Key.

C. Select Third-party service and Check Confirm.

D. Click Create access key. Not description tag is required.

E. Save Access key & Secret access key.

Note: You will not be able to access the secret key ever again for this user, so make sure that you save the file. If you lose the credentials, you will need to create a new access key.

Your IAM user should now have full permission to access and upload files to the S3 bucket. This provides your EDD store with access to your files and the ability to create secure download links for customers.

F. Add Access key & Secret access key to your EDD store’s Amazon S3 settings under Downloads → Settings → Extensions → Amazon S3.

If you need more assistance creating IAM users or attaching policies, see Amazon’s guide on creating IAM users for more information.

Limit Access to Specific Buckets

If your S3 account is used for other purposes and you want to limit your IAM account (EDD Store) to specific buckets, you can create a custom policy in place of AmazonS3FullAccess. This is done in place of Step 3 of the Set Permissions section.

Click “Attach existing policies directly”, then select “Create Policy”:

Add the policy details below via the JSON editor. Update bucket-name-here with the name(s) of the buckets you want accessible via your EDD store.

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
            "Resource": [
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"

When using this policy, all Bucket names will be viewable but only the ones you place in the Resources section are accessible. If a bucket that is not included in the Resource list is accessed via EDD, a PHP error will occur. We hope to improve this in a future release.


Once the extension is installed and activated you can navigate to Downloads → Settings → Extensions → Amazon S3 and enter your Amazon S3 account info.

1. Enter the Access Key ID and Secret Key

The Access Key ID and Secret Key are obtained by creating an IAM user in your S3 account. See
our guide above for information on how to create an IAM user with the proper permissions.

2. Enter a default Bucket

This is the default bucket that you want files to be uploaded to. In order to create new buckets or get a listing of your current buckets, go to your S3 Console (you must be logged in to access the console). Enter the name of the bucket you would like to use as the default here. When uploading files to Amazon S3, you will have the option to select the bucket you wish the file to be uploaded to.

Bucket Permissions

Your bucket should have Block all public access ON, in order to restrict unauthorized access to files. EDD will provide temporary access to files to customers.

3. Enter an Amazon S3 Host (Optional)

This is the S3 host that your bucket is using. Most of the time this field can be left blank. However, if your site has issues accessing your bucket, try changing this to the Endpoint for your bucket’s region, for you default bucket.

You can find your bucket’s region by logging into your AmazonS3 account, clicking on S3, and then taking a look at the region column listed beside each bucket. It will say what the region is. Once you know that, find the right corresponding host listed on the Amazon S3 Region Documentation. Copy and paste that host and hit save in your WordPress.

4. Link Expiry Time (Optional)

This is the number of minutes that the dynamically generated URL is valid for. When a customer clicks on a download link delivered by Easy Digital Downloads, a new URL for the file on Amazon S3 is generated on the fly. This is the number of minutes the new, secret URL is valid for.

This completes setup of Amazon S3.

Using Amazon S3 With EDD

You will upload files to a downloadable product in exactly the same way as before but you will have two new tabs in the media uploader called Upload to Amazon S3 and Amazon S3 Library.

When you upload a file from this tab, it will be automatically uploaded to your Amazon S3 account. Any file that you upload to S3 will be accessible from your WordPress Media Library, just like any other media file.

Uploading to Amazon S3 via EDD

When you upload a file from this tab, it will be automatically uploaded to your Amazon S3 account.

Adding files already on Amazon S3 to EDD

Any file that you upload to S3 will be accessible from your WordPress Media Library, just like any other media file, via Amazon S3 Library in the media uploader.

Alternatively, you can add files to the File URL manually:

Important Notes:

  • Do not copy and paste the URL directly from your Amazon S3 library into the File URL field. Doing so will result in an Access Denied error message when attempting to download the file.
  • All bucket and folder names in your Amazon S3 account must be all lowercase and not contain any special characters. See Amazon’s documentation on bucket naming restrictions.
  • Not all versions of S3 are available in all Regions. This chart will show which are available in your region.
  • Files delivered through AmazonS3 will deliver as “redirect” even if your store is set to “forced”. Learn More.

Forcing Files to Download

Sometimes your web browser will try to display or play whatever file you’re downloading, and you might end up playing music or video inside your browser, instead of saving it. There are a variety of things that can be done to prevent this, and force the save option, but if you’re storing your files on Amazon S3 then any settings on your web server are ignored.

Instead of relying on the settings of your web server you must configure options properly in S3. Here’s how they should be set.

Note: This setting is applied to a file and/or folder but not the whole bucket

Opening Properties

  1. In your S3 Bucket find the file you wish to work with and select it.
  2. Click Actions >  Change metadata
  3. Click Add Metadata and set the Type to System Defined, Key to Content-Disposition and set the Value to attachment and Save changes.

This will force it to be downloaded instead of played or displayed in your browser.

Common Issues and Questions:

Files open in browser instead of downloading

This can be resolved by Forcing Files to Download.

Will customers be able to see the actual URL of the file and simply download it directly?

No, the customer will see a URL going to your own store, where EDD will translate the location so the download works without the customer seeing the original Amazon source URL.

Error: SSL certificate problem: unable to get local issuer certificate

This error means that the SSL certificate on your website’s server is invalid or installed improperly. To resolve this, contact your hosting company and request that they verify the certificate is installed properly and valid.

Error: Access Denied

This error means that the user of access key ID and secret key you are using does not have the necessary permissions to access S3 buckets and resources.

To resolve this, you will need to attach a new permissions policy to the IAM user. See our
guide on creating an IAM user with the proper permissions to resolve this error.

You may also see this error message if you copied the URL from Amazon S3 and pasted it into the File URL field of your Download. Please see the note above regarding the proper steps that need to be taken to link your files to your Downloads.

Error: RequestTimeTooSkewed

This error happens due to a misconfiguration of your web server’s timezone settings. To resolve it, contact your hosting company and ask them to reconfigure the timezone settings properly.

Error: SignatureDoesNotMatch

If you receive this error, followed by an error message that says
The request signature we calculated does not match the signature you provided, it likely means that your bucket name contains capital letters or spaces. To resolve the issue, rename your bucket so that it does not contain any capital letters. You may also create a new bucket without any capital letters in the name to resolve it.

Error: NoSuchKey The specified key does not exist

This error occurs when there’s an issue with the way the file, or even the bucket, is named. All punctuation and special characters should be removed.

For example: If you have a file named change it to

Other errors or problems uploading files to Amazon S3

If you have issues uploading files to Amazon S3 or accessing existing files in Amazon S3, consult the steps below to resolve the issue.

  1. Check your Amazon S3 Host settings in Downloads → Settings → Extensions → Amazon S3. Ensure that your host is set up correctly, including checking you have set up the correct region (read the point on Amazon S3 Host above to see how to do this).
  2. Ensure the filename of your file is within the maximum limit of 1024 characters. You can find more information in Amazon’s documentation on how to correctly format your filenames.
  3. If you have recently switched to a new Amazon S3 account, and are having trouble uploading files to your bucket(s), this is typically a temporary issue that can happen soon after creating new buckets or accounts. It should resolve itself automatically after a few hours. See Amazon’s documentation for more information on this.
  4. Still no luck? Contact support and include the exact error message or behavior you’re experiencing.

Software License updates failing due to Download failed. cURL error 8: Invalid Content-Length: value

It’s possible the Amazon S3 extension is not forcing redirect for downloads. If you see this error try
setting the Download Method to Forced.

Customer sees Update Failed: Download failed. Internal Server Error when attempting to update a plugin

Confirm that the source file to be used for automatic updates is selected in the Download’s licensing settings.

You will likely see the following PHP Fatal error in the store’s PHP error log file:

PHP Fatal error:  Uncaught InvalidArgumentException: Found 2 errors while validating the input provided for the GetObject operation:
[Key] is missing and is a required parameter
[Key] expected string length to be >= 1, but found string length of 0 in /home/ph198/public_html/wp-content/plugins/edd-amazon-s3/vendor/aws/aws-sdk-php/src/Api/Validator.php:65