# Amazon S3

The [Amazon S3 extension](https://easydigitaldownloads.com/extensions/amazon-s3/) for Easy Digital Downloads allows you to host download files in your Amazon S3 account. This is secure and more reliable than storing the files on your own hosting account.

##### In This Article

[Creating an IAM account](#iam)
[IAM access keys](#access-keys "IAM access keys")
[Setup](#setup)
[Using Amazon S3 With EDD](#edd "Using Amazon S3 With EDD
")[Forcing Files to Download](#forcing)
[Common Issues and Questions](#common)

### Creating an IAM account

In order for Easy Digital Downloads to connect to your Amazon S3 account, you will need to create an IAM user and attach a permissions policy to the user. You can click *Show User Security Credentials* to view the access key and secret key. These are the values you need to enter in your WordPress site at ***Downloads → Settings → Extensions → Amazon S3**.*

#### 1. Log into your Amazon S3 account

Log into your Amazon S3 account and navigate to the [Users page](https://console.aws.amazon.com/iam/home#users). This page can be found by clicking on your account name in the top right corner and clicking on *Security Credentials* > Users (Under Access management on the left side of the page).

#### 2. Setup IAM User

**A. Add User**

If you have an existing IAM user you wish to use, click on that user. If you need to create a new user, click the blue ***Create User*** button and follow the prompts. You now need to obtain security credentials and also attach a permissions policy to the user.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Markup-on-2023-09-28-at-205732-1200x343.jpg)**B. Set user details:**

User name: Create User name of your choice and click Next.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Screenshot-2023-09-28-at-85933 PM-1200x632.png)**C. Set permissions**

1. Select "**Attach policies directly**" box.
2. Then, in the *Filter* box, **enter "S3full"**. That will filter the results down to those that are relevant for Amazon S3.
3. ***Check*** the box for ***AmazonS3FullAccess****.*
4. Ignore "Set permissions boundary - optional" section.
5. Click ***Next***.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Markup-on-2023-09-29-at-081457-1200x587.png)##### D. Review and create

Confirm your permissions match the instructions above. Otherwise, there is nothing to configure here, click **Create user.**

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Screenshot-2023-09-29-at-81809-AM-1200x600.jpg)### 3. Get Access Keys

You will need an IAM account using the permissions in the above steps. If you've created an IAM account in the past with the ***AmazonS3FullAccess*** permissions, you can use the existing account.

A. Click IAM user name created above, listed in your AWS [Users page](https://console.aws.amazon.com/iam/home#users).

B. Click on the ***Security Credentials*** tab and click ***Create Access Key***.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Screenshot-2023-09-29-at-82805 AM-1200x1116.png)C. Select ***Third-party service*** and Check ***Confirm***.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Markup-on-2023-09-29-at-083225-1200x1196.png)D. Click ***Create access key***. Not description tag is required.

E. Save ***Access key*** & ***Secret access key***.

Note: You will not be able to access the secret key ever again for this user, so make sure that you save the file. If you lose the credentials, you will need to create a new access key.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Screenshot-2023-09-29-at-83848 AM-1200x717.png)Your IAM user should now have full permission to access and upload files to the S3 bucket. This provides your EDD store with access to your files and the ability to create secure download links for customers.

F. Add ***Access key*** & ***Secret access key*** to your EDD store's Amazon S3 settings under ***Downloads → Settings → Extensions → Amazon S3**.*

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Markup-on-2023-09-29-at-084431-1200x567.jpg)If you need more assistance creating IAM users or attaching policies, see [Amazon's guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html?icmpid=docs_iam_console) on creating IAM users for more information.

### Limit Access to Specific Buckets

If your S3 account is used for other purposes and you want to limit your IAM account (EDD Store) to specific buckets, you can create a custom policy in place of AmazonS3FullAccess. This is done in place of **Step 3 of the Set Permissions section**.

Click "Attach existing policies directly", then select "Create Policy":![](https://easydigitaldownloads.com/wp-content/uploads/2022/07/file-LODX9jH62a.png)

Add the policy details below via the JSON editor. Update bucket-name-here with the name(s) of the buckets you want accessible via your EDD store.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObjectAcl",
                "s3:GetObject",
                "s3:ListBucketMultipartUploads",
                "s3:AbortMultipartUpload",
                "s3:ListBucket",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::bucket-name-here",
                "arn:aws:s3:::bucket-name-here/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}
```

When using this policy, all Bucket names will be viewable but only the ones you place in the Resources section are accessible. If a bucket that is not included in the Resource list is accessed via EDD, a PHP error will occur. We hope to improve this in a future release.

### Setup

Once the extension is [installed and activated](https://easydigitaldownloads.com/docs/how-do-i-install-an-extension/) you can navigate to ***Downloads → Settings → Extensions → Amazon S3*** and enter your Amazon S3 account info.

![](https://easydigitaldownloads.com/wp-content/uploads/2022/07/6184ccf54ab5e.png)#### 1. Enter the Access Key ID and Secret Key

The Access Key ID and Secret Key are obtained by creating an IAM user in your S3 account. See
 [our guide above](#iam) for information on how to create an IAM user with the proper permissions.

#### 2. Enter a default Bucket

This is the default bucket that you want files to be uploaded to. In order to create new buckets or get a listing of your current buckets, go to your [S3 Console](https://console.aws.amazon.com/s3/home) (you must be logged in to access the console). Enter the name of the bucket you would like to use as the default here. When uploading files to Amazon S3, you will have the option to select the bucket you wish the file to be uploaded to.

##### Bucket Permissions

Your bucket should have *Block all public access* ON, in order to restrict unauthorized access to files. EDD will provide temporary access to files to customers.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Screenshot-2023-09-29-at-90249 AM-1200x865.png)#### 3. Enter an Amazon S3 Host (Optional)

This is the S3 host that your bucket is using. Most of the time this field can be left blank. However, if your site has issues accessing your bucket, try changing this to the *Endpoint* for your bucket's region, for you default bucket*.*

You can find your bucket's region by logging into your AmazonS3 account, clicking on S3, and then taking a look at the region column listed beside each bucket. It will say what the region is. Once you know that, find the right corresponding host listed on the [Amazon S3 Region Documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region). Copy and paste that host and hit save in your WordPress.

![](https://easydigitaldownloads.com/wp-content/uploads/2023/09/Markup-on-2023-09-29-at-091034-1200x390.png)#### 4. Link Expiry Time (Optional)

This is the number of minutes that the dynamically generated URL is valid for. When a customer clicks on a download link delivered by Easy Digital Downloads, a new URL for the file on Amazon S3 is generated on the fly. This is the number of minutes the new, secret URL is valid for.

**This completes setup of Amazon S3.**

### Using Amazon S3 With EDD

You will upload files to a downloadable product in exactly the same way as before but you will have two new tabs in the media uploader called *Upload to Amazon S3* and *Amazon S3 Library*.

When you upload a file from this tab, it will be automatically uploaded to your Amazon S3 account. Any file that you upload to S3 will be accessible from your WordPress Media Library, just like any other media file.

#### Uploading to Amazon S3 via EDD

When you upload a file from this tab, it will be automatically uploaded to your Amazon S3 account.

![](https://easydigitaldownloads.com/wp-content/uploads/2022/07/6184ccf6a9f3b.gif)#### Adding files already on Amazon S3 to EDD

Any file that you upload to S3 will be accessible from your WordPress Media Library, just like any other media file, via *Amazon S3 Library* in the media uploader.

![](https://easydigitaldownloads.com/wp-content/uploads/2022/07/6184ccf75749c.png)Alternatively, you can add files to the File URL manually:

![](https://easydigitaldownloads.com/wp-content/uploads/2022/07/6184ccf7b206a.png)Important Notes:

- Do not copy and paste the URL directly from your Amazon S3 library into the File URL field. Doing so will result in an Access Denied error message when attempting to download the file.
- All bucket and folder names in your Amazon S3 account *must* be all lowercase and not contain any special characters. See Amazon's documentation on [bucket naming restrictions](https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html).
- Not all versions of S3 are available in all Regions. [This chart will show which are available in your region.](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region)
- Files delivered through AmazonS3 will deliver as "redirect" even if your store is set to "forced". [Learn More.](https://easydigitaldownloads.com/docs/what-is-the-difference-between-forced-download-and-redirect-download/)



### Forcing Files to Download

Sometimes your web browser will try to display or play whatever file you're downloading, and you might end up playing music or video inside your browser, instead of saving it. There are a variety of things that can be done to prevent this, and force the save option, but if you're storing your files on Amazon S3 then any settings on your web server are ignored.

Instead of relying on the settings of your web server you must configure options properly in S3. Here's how they should be set.

Note: This setting is applied to a file and/or folder but not the whole bucket

#### Opening Properties

1. In your S3 Bucket find the file you wish to work with and select it.
2. Click ***Actions > Change metadata***. 
    ![](https://easydigitaldownloads.com/wp-content/uploads/2022/01/Markup-on-2023-09-29-at-093702.png)
3. Click ***Add Metadata*** and set the Type to ***System Defined***, Key to ***Content-Disposition*** and set the Value to ***attachment*** and ***Save changes***.
    ![](https://easydigitaldownloads.com/wp-content/uploads/2022/01/Markup-on-2023-09-29-at-100245.png)

This will force it to be downloaded instead of played or displayed in your browser.

### Common Issues and Questions:

**Files open in browser instead of downloading**

This can be resolved by [Forcing Files to Download](#forcing).

**Will customers be able to see the actual URL of the file and simply download it directly?**

No, the customer will see a URL going to your own store, where EDD will translate the location so the download works without the customer seeing the original Amazon source URL.

**Error: SSL certificate problem: unable to get local issuer certificate**

This error means that the SSL certificate on your website's server is invalid or installed improperly. To resolve this, contact your hosting company and request that they verify the certificate is installed properly and valid.

**Error: Access Denied**

This error means that the user of access key ID and secret key you are using does not have the necessary permissions to access S3 buckets and resources.

To resolve this, you will need to attach a new permissions policy to the IAM user. See our
[guide on creating an IAM user](https://easydigitaldownloads.com/docs/amazon-s3/#iam) with the proper permissions to resolve this error.

You may also see this error message if you copied the URL from Amazon S3 and pasted it into the File URL field of your Download. Please see the note above regarding the proper steps that need to be taken to link your files to your Downloads.

**Error: RequestTimeTooSkewed**

This error happens due to a misconfiguration of your web server's timezone settings. To resolve it, contact your hosting company and ask them to reconfigure the timezone settings properly.

**Error: SignatureDoesNotMatch**

If you receive this error, followed by an error message that says
*The request signature we calculated does not match the signature you provided*, it likely means that your bucket name contains capital letters or spaces. To resolve the issue, rename your bucket so that it does not contain any capital letters. You may also create a new bucket without any capital letters in the name to resolve it.

**Error: NoSuchKey The specified key does not exist**

This error occurs when there's an issue with the way the file, or even the bucket, is named. All punctuation and special characters should be removed.

*For example:* If you have a file named test-file-one.mp4.zip change it to testfileone.zip

**Other errors or problems uploading files to Amazon S3**

If you have issues uploading files to Amazon S3 or accessing existing files in Amazon S3, consult the steps below to resolve the issue.

1. Check your Amazon S3 Host settings in ***Downloads → Settings → Extensions → Amazon S3***. Ensure that your host is set up correctly, including checking you have set up the correct region (read the point on Amazon S3 Host above to see how to do this).
2. Ensure the filename of your file is within the maximum limit of 1024 characters. You can find more information in [Amazon's documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html) on how to correctly format your filenames.
3. If you have recently switched to a new Amazon S3 account, and are having trouble uploading files to your bucket(s), this is typically a temporary issue that can happen soon after creating new buckets or accounts. It should resolve itself automatically after a few hours. See Amazon's [documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/Redirects.html) for more information on this.
4. Still no luck? Contact [support](https://easydigitaldownloads.com/support) and include the exact error message or behavior you're experiencing.

**Software License updates failing due to Download failed. cURL error 8: Invalid Content-Length: value**

It's possible the Amazon S3 extension is not forcing redirect for downloads. If you see this error try
[setting the Download Method to Forced](https://easydigitaldownloads.com/docs/what-is-the-difference-between-forced-download-and-redirect-download/).

**Customer sees *Update Failed: Download failed. Internal Server Error* when attempting to update a plugin**

Confirm that the source file to be used for automatic updates is selected in the Download's licensing settings.

You will likely see the following PHP Fatal error in the store's PHP error log file:

```
PHP Fatal error:  Uncaught InvalidArgumentException: Found 2 errors while validating the input provided for the GetObject operation:
[Key] is missing and is a required parameter
[Key] expected string length to be >= 1, but found string length of 0 in /home/ph198/public_html/wp-content/plugins/edd-amazon-s3/vendor/aws/aws-sdk-php/src/Api/Validator.php:65
```