Skip to content
This repository was archived by the owner on Jul 17, 2025. It is now read-only.

AWS Config

Jump to bottom
lijulia edited this page Apr 15, 2021 · 8 revisions

If you are new to AWS, you can reference the following step by step configs with descriptions.

You can also reference this doc file as the guideline: AWS-step-by-step-config-with-chart.docx

Let's start

If you don't have a AWS account, register an account aws portal signup . If you already have an account, login to your account aws portal login .

DAML uses S3, SQS, IAM components as dependency and we recommend all aws component are in the same region.

  • region

Copy the region from your login portal url or the drop-down box in the upper right corner, and replace the null with string value in data-annotator-for-machine-learning/annotation-service/config/app-os.js

region: process.env.REGION || "xxx"

1. S3

You also can reference the official guideline from here https://docs.aws.amazon.com/s3/index.html.

1.1 Create Bucket

Bucket Tab --> Create bucket --> input bucket name and Region(use the same default region with other components) and --> Create bucket

  • bucketName

Replace the bucketName with your new bucket name:

bucketName: process.env.BUCKET_NAME || "xxx"

1.2 Edit Bucket permissions

S3 --> Buckets --> click your Bucket name --> Permissions --> Cross-origin resource sharing (CORS) --> Edit --> replace with the below json --> Save changes

[
  {
    "AllowedHeaders": [
      "*"
    ],
    "AllowedMethods": [
      "GET",
      "PUT",
      "POST",
      "DELETE"
    ],
    "AllowedOrigins": [
      "*"
    ],
    "ExposeHeaders": []
  }
]

2. SQS

You also can reference the official guideline from here https://docs.aws.amazon.com/sqs/index.html.

2.1 create queue

SQS --> Create queue -->

selete standard queue
input queue name
others leave as default value

--> Create Queue --> copy the queue URL

  • sqsUrl

Replace the sqsUrl with your copied string value

sqsUrl: process.env.SQS_URL || "xxx"

3. IAM User

You also can reference the official guideline from here https://docs.aws.amazon.com/iam/index.html.

3.1 create Policies

Policies tab --> Create policy --> JSON --> input the json below

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ses:*",
                "s3:*",
                "sqs:*"
            ],
            "Resource": "*"
        }
    ]
}

--> Review Policy --> input the policy name --> Create policy

3.2 create user

Users tab --> Add user --> input User Name and tick allow Programmatic access --> Next:Permisions --> Next:Tags --> Next:Review --> Create user --> click Download.csv (important, only have one opportunity to download) save the csv file to your local pc --> Close

3.3 create Roles

Roles tab --> Create role --> Another AWS account --> input Account ID(you can see from right above, your name dropdown list, My Account) --> Next: Permissions --> Next:Tags --> Next:Preview --> input Role name --> Create role

3.3.1 Edit Roles Trust Relationship

Click User tab --> copy User ARN click Roles --> click the Role Name you created just now --> click Trust relationships --> click edit trust relationship --> replace the root user with you copied user role. -->click update Trust Policy

3.3.2 Edit Roles Permissions

Click Roles --> click Permissions --> click Attach policies --> filter the policies with the name you just created in step1 and tick it --> click Attach policy

  • accessKeyId,secretAccessKey

Copy the Access key ID and Secret access key from you download csv file (new_user_credentials.csv)

accessKeyId: process.env.ACCESSKEY_ID || "xxx"
secretAccessKey: process.env.SECRET_ACCESS_KEY || "xxx"
  • s3RoleArn,sqsRoleArn

Replace the s3RoleArn and sqsRoleArn with string values: IAM --> Roles Tab --> the Role you reated in I.step3 --> copy the Role ARN --> replace the null with string value

s3RoleArn: process.env.S3_ROLEARN || "xxx"
sqsRoleArn: process.env.SQS_ARN || "xxx"

4. SES [ optional ]

If you want to use AWS SES as the email service, you can config this settings below, otherwise you can skip this part.

You also can reference the official guideline from here https://docs.aws.amazon.com/ses/index.html.

4.1 Sandbox

Sandbox is default in SES, that is only send email to verified Email address, both sender and to email address. there are two ways to verify the email address by Domains or By Email Addresses By Domains you can verify all the same type email address. By Email Addresses you only can verify one by one.

4.2 Production Access

Production can send to any email address, but need application from AWS Team. SES --> Sending Statistics --> Edit your account Details --> input the basic information --> Submit for review

If you just want to run Loop as the demo or just few workmate. sandbox if enough. but if you want to deploy to production for many users to use you need apply production access.anyway, you need a sender address

  • sender, enableEmail, useAWSSES [ optional ]

If you want enable send email function and want to use AWS SES as the email service replace the sender, and change enableEmail to true and change useAWSSES to true

enableEmail: process.env.ENABLE_EMAIL || true,
useAWSSES: process.env.USE_AWS_SES || true,
sender: process.env.EMAIL_FROM || "[email protected]"
Clone this wiki locally