1 of 9

Quick Start Guide For AWS S3- ReXgen Air

AWS Bucket Creation

How to Create an Access key and secret key to access the S3 Bucket?

Deploying Lambda Function To AWS

AWS Bucket Creation

The following document lists the simple steps that allow the user to create an AWS bucket for storage.

Note:

The listed steps are as per the current process in the AWS portal.

What are AWS S3?

Amazon Simple Storage Service (S3) is an object storage built to retrieve data anytime and from anywhere. It lets you store, distribute and manage your data in the Cloud. The need for more and more data storage continues to grow, and building your storage is not an option. AWS S3 lets you securely collect, analyse and store your data at a massive scale. It even enables you to distribute and manage your data by running multiple applications, hosting high-traffic websites, using 3rd party software, and delivering content.

Influx ReXgen Air now lets you store your data to AWS S3. This not only reduces cost but has no upfront investments. One can think of it as a paid taxi service, where you own nothing and pay for the service, allowing users to pay only for the storage and data transfer they use. One of the main benefits of using S3 is storing and accessing data from anywhere with an internet connection.

How does AWS work?

Amazon Simple Storage Services, as the name suggests, provides a web interface for storing files. Each file is stored as an object within the 'bucket', which serves as a container for storing objects that need to be accessed by multiple users or devices, such as documents, images, and videos. S3 also offers a range of features that make it easy to manage and organise data, including creating and managing folders, setting access controls, and tracking users' activity. It is not only low cost as it allows you to pay as you go, but it also has multiple advantages like no investment, scalability, flexibility, global availability, reliability, and security, making AWS S3 stand out. Data stored in S3 buckets is stored across multiple devices in multiple facilities across the specified region, making it highly resistant to data loss. S3 is also designed to scale automatically to meet users' needs, making it easy to store and access large amounts of data without worrying about capacity limits. Overall, AWS S3 is a robust and reliable cloud storage service that offers a range of features and pricing options to meet the needs of different users. Whether you are looking to store large amounts of data or need a place to store and share documents, S3 is an excellent solution.

How to create a bucket?

The first step for creating an AWS S3 bucket is to have an Amazon Web Services (AWS) account. Signing up for AWS automatically signs you up for all services in AWS, including Amazon S3.

How to create an Amazon Web Services (AWS) account?

Open https://portal.aws.amazon.com/billing/signup#/start/email

Sign-Up (new user): fill in the email address and an account name, then click 'verify email address'.

Note:

This sends an auto-generated verification code to your mentioned email ID; follow the instructions given in the email for verification.

A sign-up automatically creates a 'root user' account on AWS. The root user can access all AWS services and resources in the account.

Note:

As a security best practice, assign administrative access to an administrative user and use only the root user to perform tasks requiring access.

How to create a bucket?

Sign in to your Amazon Web Services (AWS) account.
Under Services, choose Storage to open the Amazon S3 console.

Choose Create Bucket.

Specify the bucket name in Bucket Name and your desired region in the AWS Region section, for example, Europe (London) eu-west-2.

Note:

The bucket name must satisfy the rules for bucket naming listed by AWS. Refer to 'See rules for bucket naming'.

Fill in all the other required fields as desired.
Click Create bucket.

Once the bucket is created successfully, it is displayed in the Buckets pane.

How to Create an Access key and secret key to access the S3 Bucket?

Sign in to your Amazon Web Services (AWS) account:
Under Services, choose 'All services' and open the 'IAM' (Identity and Access Management) console.

Under 'Access management', click Users and then 'Create user'.

Specify the IAM user name (read the other instructions properly and grant permissions as desired).
Click 'Next'.

The next step involves granting permissions to the user-specified.
- One can add this new user to the existing groups by selecting 'Add user to group' or to copy the policies from an existing user, select 'Copy permissions' options.

You can create a custom policy with the necessary permissions to restrict access to a single Amazon S3 bucket when creating an IAM policy for an IAM user using JSON. Select 'Attach policies directly' and click 'Create policy'.

Select 'JSON" from the displayed options.

This displays the 'Policy editor window' where you can define the policy.
Below is an example of a JSON policy that allows read access to a single S3 bucket named "my-example-bucket" (you can modify it to fit your specific requirements).

Editable Example

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket",
				"arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
}

Detailed explanation for the example above:

Below is the detailed explanation for the example JSON policy to access a single S3 bucket named "example-bucket" (you can modify it to fit your specific requirements)

This JSON snippet represents an AWS IAM policy statement that grants permissions related to Amazon S3 (Simple Storage Service) and S3 Object Lambda for a specific bucket (your-bucket.

Version

"Version": "2012-10-17"

The version here specifies the version of the policy language being used. This particular version (2012-10-17) is commonly used in AWS IAM policies.

Statement

"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "s3:*",
            "s3-object-lambda:*"
        ],
        "Resource": [
            "arn:aws:s3:::your-bucket",
            "arn:aws:s3:::your-bucket/*"
        ]
    }
]

Enclosed is the main body of the policy, where permissions are defined.

Effect: Specifies whether the statement allows (Allow) or denies (Deny) access. In this case, it allows access.

Action: Lists the actions that are allowed.

"s3:*": Allows all actions on S3 buckets and objects within the bucket.
"s3-object-lambda:*": Allows all actions on S3 Object Lambda, a feature that lets you run custom code on S3 GET requests.

Resource: Specifies the AWS resources to which the actions apply.

"arn:aws:s3:::your-bucket": Refers to the bucket itself (your-bucket) and allows actions on the bucket metadata.
"arn:aws:s3:::your-bucket/*": Refers to all objects within the bucket (your-bucket/*) and allows actions on all objects stored within the bucket.

Explanation

Permissions: This policy grants full access (s3:*) to all operations on the bucket (your-bucket) and its objects (your-bucket/*). It also grants full access (s3-object-lambda:*) to S3 Object Lambda operations. Permissions include reading, writing, deleting, and performing any other operations permitted by S3 and S3 Object Lambda.

Scope: The policy applies only to the specific bucket (your-bucket) and its contents. It does not apply to other buckets or resources within AWS.

Considerations

Security: Granting s3:* and s3-object-lambda:* Actions allow extensive control over the specified bucket and its objects. Ensure that such permissions are granted only to trusted entities and that potential security risks are carefully considered.

Best Practices: It is generally recommended that permissions be limited to only those actions and resources necessary for the intended use case, minimising the potential impact of accidental or malicious actions.

This policy would typically be attached to an IAM user, group, or role in AWS Identity and Access Management (IAM) to grant the specified permissions to that entity.

To create and attach this policy to an existing IAM user, follow these steps:

Sign in to the AWS Management Console.
Navigate to the IAM service.
Create or select the IAM user to restrict access to.
In the "Permissions" tab for the user, click "Add permissions."
Choose "Attach existing policies directly."
Click the "JSON" tab and paste the JSON policy into the text box.
Review and click "Next: Review" to proceed.
Review the permissions and the policy you attached to the user.
Click "Add permissions" to attach the policy to the user.

You can modify the JSON policy to include additional actions or restrict access according to your requirements.

Once you have defined the permissions accordingly, click 'Next'.
Review the details specified and click 'Create user'.

Once the user is created successfully, identify and click on the name to proceed.

Click Security credentials, and under Access Keys, click 'Create access key'.

This takes you to a screen which prompts you to consider use cases and alternatives.
Click 'Other' (read the best practices for managing the access key).
Click 'Next'.

Specify the description tag value and click 'Create access key'.

This generates your Access and Secure Access keys.

Once the access key and the secret access keys are generated, copy and paste them to a secure location, as you can view the Secret access key only once.

Click 'Done' to complete the process.

Configuring ReXgen AIR

ReXgen AIR AWS And Mobile Settings lets users view and define the and settings.

Mobile Settings

Label: This allows the user to define a name for mobile settings.
User: This allows the user to enter the mobile server user name.
Pass: This allows the user to define a password for the mobile settings.
APN: Enter the APN.
PIN: Enter the pin to the defined APN.
No Communication timeout (min): The user can enter the delay interval for communication time out in minutes.
Get Real-Time From Mobile: Users can enable this to get real-time from the server.

AWS Settings

Steps to add new AWS settings using ReXdesk

Click the ‘Tools’ tab in the Navigation bar and select ‘Cloud Settings’.

In the Cloud Settings window, select the ‘S3 ‘option and then select the ‘New S3’ option.

In the S3 Settings window, specify the Region from the drop-down menu.

Specify the type of storage services - AWS or Compatible (alternate S3 API-supported storage services).

Specify the S3 Connection type from the drop-down menu. Select Plain for HTTP connection and SSL for HTTPS (Certificate must be added to the XML file).

Specify ‘Port’ details: 80 if the connection type is Plain, 443 if the connection type is SSL.

Specify the bucket name for objects stored in Amazon S3.

Specify the ‘Access Key’ and ‘Secret Key’ for the AWS account

Click ‘OK’.

The new AWS S3 setting details have been defined using ReXdesk.

Click on ’x’ to exit the window.

Steps to enable AWS configuration in the ReXgen logger

Prepare the base configuration for the logger.

In the Device Configuration window, Click on the ‘Upload’ tab.

Enable the ‘checkbox’ for ‘Enable Aws’.

For a single setting, details are auto-filled in the subsequent sections.
Users can select the desired setting from the corresponding drop-down menus for multiple settings.

Click the ‘Run’ tab in the Navigation bar.

Save the project:

a) Save project: allows you to save the project with the user-defined name.

b) Continue as “New Project”: saves the configuration labelled ‘New Project.’

Click ‘OK’ once the configuration is uploaded successfully.

Uploading AWS and Mobile settings

Notes:

Before you begin the steps, ensure your logger is connected to the server with an existing configuration.

Make the new configuration.
Enable AWS from the Device Configuration menu.

Notes:

Set your configuration check time in the given section while enabling AWS.

Save the Project with the name you require for the configuration.
Under the ‘Config’ tab, select Export from the drop-down menu.
Select ‘Export ReXgen Configuration (rxc)’ from the listed options.

Save the file with the desired name.
Click ‘Save’.
Once saved, rename the file as ‘config.rxc.’

Notes:

Ensure that you rename the file as 'config.rxc' only.

Add to your configuration folder in your S3 bucket by adding it to the root folder of the logger.

Notes:

Once the USB is removed, only then the logger will connect to the server and upload files.

How to Create an Access key and secret key to access the S3 Bucket?

Sign in to your Amazon Web Services (AWS) account:
Under Services, choose 'All services' and open the 'IAM' (Identity and Access Management) console.

Under 'Access management', click Users and then 'Create user'.

Specify the IAM user name (read the other instructions properly and grant permissions as desired).
Click 'Next'.

The next step involves granting permissions to the user-specified.
- One can add this new user to the existing groups by selecting 'Add user to group' or to copy the policies from an existing user, select 'Copy permissions' options.

You can create a custom policy with the necessary permissions to restrict access to a single Amazon S3 bucket when creating an IAM policy for an IAM user using JSON. Select 'Attach policies directly' and click 'Create policy'.

Select 'JSON" from the displayed options.

This displays the 'Policy editor window' where you can define the policy.
Below is an example of a JSON policy that allows read access to a single S3 bucket named "my-example-bucket" (you can modify it to fit your specific requirements).

Editable Example

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:*",
                "s3-object-lambda:*"
            ],
            "Resource": [
                "arn:aws:s3:::your-bucket",
				"arn:aws:s3:::your-bucket/*"
            ]
        }
    ]
}

Detailed explanation for the example above:

Below is the detailed explanation for the example JSON policy to access a single S3 bucket named "example-bucket" (you can modify it to fit your specific requirements)

This JSON snippet represents an AWS IAM policy statement that grants permissions related to Amazon S3 (Simple Storage Service) and S3 Object Lambda for a specific bucket (your-bucket.

Version

"Version": "2012-10-17"

The version here specifies the version of the policy language being used. This particular version (2012-10-17) is commonly used in AWS IAM policies.

Statement

"Statement": [
    {
        "Effect": "Allow",
        "Action": [
            "s3:*",
            "s3-object-lambda:*"
        ],
        "Resource": [
            "arn:aws:s3:::your-bucket",
            "arn:aws:s3:::your-bucket/*"
        ]
    }
]

Enclosed is the main body of the policy, where permissions are defined.

Effect: Specifies whether the statement allows (Allow) or denies (Deny) access. In this case, it allows access.

Action: Lists the actions that are allowed.

"s3:*": Allows all actions on S3 buckets and objects within the bucket.
"s3-object-lambda:*": Allows all actions on S3 Object Lambda, a feature that lets you run custom code on S3 GET requests.

Resource: Specifies the AWS resources to which the actions apply.

"arn:aws:s3:::your-bucket": Refers to the bucket itself (your-bucket) and allows actions on the bucket metadata.
"arn:aws:s3:::your-bucket/*": Refers to all objects within the bucket (your-bucket/*) and allows actions on all objects stored within the bucket.

Explanation

Scope: The policy applies only to the specific bucket (your-bucket) and its contents. It does not apply to other buckets or resources within AWS.

Considerations

This policy would typically be attached to an IAM user, group, or role in AWS Identity and Access Management (IAM) to grant the specified permissions to that entity.

To create and attach this policy to an existing IAM user, follow these steps:

Sign in to the AWS Management Console.
Navigate to the IAM service.
Create or select the IAM user to restrict access to.
In the "Permissions" tab for the user, click "Add permissions."
Choose "Attach existing policies directly."
Click the "JSON" tab and paste the JSON policy into the text box.
Review and click "Next: Review" to proceed.
Review the permissions and the policy you attached to the user.
Click "Add permissions" to attach the policy to the user.

You can modify the JSON policy to include additional actions or restrict access according to your requirements.

Once you have defined the permissions accordingly, click 'Next'.
Review the details specified and click 'Create user'.

Once the user is created successfully, identify and click on the name to proceed.

Click Security credentials, and under Access Keys, click 'Create access key'.

This takes you to a screen which prompts you to consider use cases and alternatives.
Click 'Other' (read the best practices for managing the access key).
Click 'Next'.

Specify the description tag value and click 'Create access key'.

This generates your Access and Secure Access keys.

Once the access key and the secret access keys are generated, copy and paste them to a secure location, as you can view the Secret access key only once.

Click 'Done' to complete the process.

AWS Bucket Creation

The following document lists the simple steps that allow the user to create an AWS bucket for storage.

Note:

The listed steps are as per the current process in the AWS portal.

What are AWS S3?

How does AWS work?

How to create a bucket?

The first step for creating an AWS S3 bucket is to have an Amazon Web Services (AWS) account. Signing up for AWS automatically signs you up for all services in AWS, including Amazon S3.