VibeCodeMaxVibeCodeMax
Docs/Storage/Setup

Setup AWS S3

Create an S3 bucket and configure IAM credentials for file storage.

Environment Variables

VariableDescriptionTypeSource
AWS_ACCESS_KEY_IDAWS IAM access key ID*
server
secret
AWS IAM → Users → Security credentials
AWS_SECRET_ACCESS_KEYAWS IAM secret access key*
server
secret
AWS IAM → Users → Security credentials
AWS_REGIONAWS region for your S3 bucket*
server
safe
e.g., us-east-1, eu-west-1
AWS_S3_BUCKET_NAMEName of your S3 bucket*
server
safe
AWS S3 Console
AWS_CLOUDFRONT_URLCloudFront distribution URL (optional)
public
safe
AWS CloudFront Console

* Required variable

Step 1: Create S3 Bucket

  1. Go to AWS S3 Console
  2. Click "Create bucket"
  3. Enter a unique bucket name
  4. Select your preferred region
  5. Configure public access settings based on your needs
  6. Click "Create bucket"
Bucket Naming
S3 bucket names must be globally unique. Use a prefix like your organization name to avoid conflicts.

Step 2: Configure CORS

Enable CORS for browser uploads:

  1. Open your bucket in the S3 console
  2. Go to Permissions → Cross-origin resource sharing (CORS)
  3. Add the following configuration:
CORS Configuration
[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "PUT", "POST", "DELETE"],
    "AllowedOrigins": ["http://localhost:3000", "https://yourdomain.com"],
    "ExposeHeaders": ["ETag"]
  }
]

Step 3: Create IAM User

  1. Go to AWS IAM Console
  2. Navigate to Users → Create user
  3. Enter a username (e.g., "app-s3-user")
  4. Select "Attach policies directly"
  5. Search for and attach "AmazonS3FullAccess" (or create a more restrictive policy)
  6. Complete user creation
Least Privilege
For production, create a custom policy that only grants access to your specific bucket instead of using AmazonS3FullAccess.

Step 4: Create Access Keys

  1. Open the IAM user you created
  2. Go to Security credentials
  3. Click "Create access key"
  4. Select "Application running outside AWS"
  5. Copy both the Access key ID and Secret access key
Save Your Credentials
The secret access key is only shown once. Save it securely before closing.

Step 5: Add to .env.local

.env.local
# AWS S3 Configuration
AWS_ACCESS_KEY_ID=AKIAXXXXXXXXXXXXXXXX
AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AWS_REGION=us-east-1
AWS_S3_BUCKET_NAME=your-bucket-name

# Optional: CloudFront CDN
# AWS_CLOUDFRONT_URL=https://dxxxxxxxxx.cloudfront.net
Storage OverviewNext: Admin Module
Setup AWS S3 | Storage Module | VibeCodeMax Docs