This article is for those looking for a detailed and easy-to-understand guide on how to configure Amazon S3 to share files in Rocket.Chat.

Rocket.Chat is an open-source messenger that supports group chats, file sharing, video conferencing, bots and much more. Rocket.Chat can be installed on your own server and then used through the web interface, a desktop application, or a mobile device.

You can read more about how to install Rocket.Chat on Ubuntu Server in my guide «Installing Rocket.Chat on Ubuntu Server».

You must also have an administrator account on Amazon Web Services.

Please note that in order to configure file sharing you need to have administrator rights in Rocket.Chat.

First, create a bucket using the Amazon S3 service. The bucket will allow you to store files that users of Rocket.Chat will exchange.

Follow the link https://console.aws.amazon.com/s3/. If necessary, specify the username and password of an account with administrator rights in Amazon Web Services, then click on the “Create bucket” button.

In the “Bucket name” field specify a unique DNS-compatible name for the bucket.

Please note a few important things when creating a new name for the bucket:

  • The name must be unique across all existing bucket names in Amazon S3.
  • After you create the bucket, you cannot change the name, so choose wisely.
  • Choose a bucket name that reflects the objects in the bucket because the bucket name is visible in the URL that points to the objects that you’re going to put in your bucket.

In this manual, rocketchat-heyvaldemar will be used as the bucket name.

In the “Region” field specify the desired region in which the bucket will be created.

Click on the “Create” button.

Bucket successfully created.

Now you need to configure access rights to the bucket so that Rocket.Chat users can exchange files using this bucket.

Select the previously created bucket.

Go to the “Permissions” tab, then select the “CORS configuration”.

Next, insert the following configuration for the bucket to work:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
	<AllowedOrigin>https://rocketchat.heyvaldemar.net</AllowedOrigin>
	<AllowedMethod>PUT</AllowedMethod>
	<AllowedMethod>POST</AllowedMethod>
	<AllowedMethod>GET</AllowedMethod>
	<AllowedMethod>HEAD</AllowedMethod>
	<MaxAgeSeconds>3000</MaxAgeSeconds>
	<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

In this manual, the rocketchat.heyvaldemar.net subdomain will be used to access Rocket.Chat from the Internet. You will need to specify your domain or subdomain by which Rocket.Chat will be available from the Internet.

Click on the “Save” button.

Changes saved successfully.
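
The following is an added example, not part of the original guide: a simplified Python model of how a CORS rule is matched against a browser preflight request, applied to the configuration above. It shows that only the Rocket.Chat origin over HTTPS, with one of the four listed methods, matches the rule. The function names are hypothetical, and the matching logic (exact match or a single “*” wildcard) is a simplification of what S3 does.

```python
import xml.etree.ElementTree as ET

NS = {"s3": "http://s3.amazonaws.com/doc/2006-03-01/"}

# CORS configuration as given in this guide (bytes, since it declares an encoding).
CORS_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>https://rocketchat.heyvaldemar.net</AllowedOrigin>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>"""

def _match(pattern, value):
    """Exact match, or prefix/suffix match around a single '*' wildcard."""
    if "*" not in pattern:
        return pattern == value
    head, _, tail = pattern.partition("*")
    return (len(value) >= len(head) + len(tail)
            and value.startswith(head) and value.endswith(tail))

def load_rules(xml_bytes):
    """Parse each CORSRule into its allowed origins, methods and headers."""
    rules = []
    for rule in ET.fromstring(xml_bytes).findall("s3:CORSRule", NS):
        rules.append({
            "origins": [e.text.strip() for e in rule.findall("s3:AllowedOrigin", NS)],
            "methods": {e.text.strip() for e in rule.findall("s3:AllowedMethod", NS)},
            "headers": [e.text.strip().lower() for e in rule.findall("s3:AllowedHeader", NS)],
        })
    return rules

def preflight_allowed(rules, origin, method, request_headers=()):
    """True if one rule matches the origin, the method and every requested header."""
    return any(
        any(_match(p, origin) for p in r["origins"])
        and method in r["methods"]
        and all(any(_match(p, h.lower()) for p in r["headers"]) for h in request_headers)
        for r in rules)
```

With this configuration a request from any other origin, from the same host over plain HTTP, or with a method such as DELETE matches no rule, so the browser receives no CORS headers and blocks the cross-origin call.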

Now you need to create a policy to access the previously created bucket.

Click on the “Services” button and in the “Security, Identity & Compliance” section, select “IAM”.

Next, go to the “Policies” section and click on the “Create policy” button.

Go to the “JSON” tab.

Paste the following policy settings:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::rocketchat-heyvaldemar"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::rocketchat-heyvaldemar/*"
        }
    ]
}

In this manual, rocketchat-heyvaldemar is used as the bucket name. You will need to provide your bucket name.

Click on the “Review policy” button.

In the “Name” field, specify the name for the new policy and click on the “Create Policy” button.

In this guide, RocketChatFileUpload will be used as the policy name for accessing the previously created bucket.

Policy created successfully.
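
The following is an added example, not part of the original guide: a Python check of what the policy above actually grants. It evaluates sample requests against the policy and lists every grant whose resource is not confined to the guide's bucket. The function names are hypothetical, and the evaluation is simplified (only “Allow” statements and wildcards, no “Deny” statements or conditions).

```python
import json
from fnmatch import fnmatchcase

BUCKET = "rocketchat-heyvaldemar"  # bucket name used in this guide

# The guide's policy, reflowed onto fewer lines; content unchanged.
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
   "Resource": "arn:aws:s3:::rocketchat-heyvaldemar"},
  {"Effect": "Allow",
   "Action": ["s3:PutObject", "s3:PutObjectAcl", "s3:GetObject",
              "s3:GetObjectAcl", "s3:DeleteObject"],
   "Resource": "arn:aws:s3:::rocketchat-heyvaldemar/*"}
]}
""")

def _list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """Simplified evaluation: some Allow statement matches action and resource."""
    return any(
        st["Effect"] == "Allow"
        and any(fnmatchcase(action.lower(), a.lower()) for a in _list(st["Action"]))
        and any(fnmatchcase(resource, r) for r in _list(st["Resource"]))
        for st in policy["Statement"])

def grants_outside_bucket(policy, bucket):
    """Return (action, resource) pairs whose resource reaches beyond `bucket`."""
    arn = f"arn:aws:s3:::{bucket}"
    return [(a, r)
            for st in policy["Statement"] if st["Effect"] == "Allow"
            for r in _list(st["Resource"])
            if r != arn and not r.startswith(arn + "/")
            for a in _list(st["Action"])]

if __name__ == "__main__":
    for action, resource in grants_outside_bucket(POLICY, BUCKET):
        print(f"account-wide grant: {action} on {resource}")
```

For this policy the only grant reported is s3:ListAllMyBuckets, which lets the key holder list the names of all buckets in the account. Object reads, writes and deletes are limited to the one bucket.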

Now you need to create a new user and assign it the previously created bucket access policy. This user will be required to connect Rocket.Chat to the bucket.

Go to the “Users” section and click on the “Add user” button.

In the “User name” field, specify the name for the new user and click on the “Next: Permissions” button.

In this manual, rocketchat-upload will be used as the username.

Next, select “Attach existing policies directly”.

In the search bar, specify the name of the previously created policy and in the presented search result, select the desired policy.

In this guide, RocketChatFileUpload is used as the policy name for accessing a previously created bucket.

Click on the button “Next: Tags”.

In the next step, you do not need to make any changes.

Click on the “Next: Review” button.

Everything is ready to create a new user.

Click on the “Create user” button.

The user has been successfully created and has the necessary rights to access the previously created bucket.

Now you need to save the received “Access key ID” and “Secret access key”. This data will be needed to connect Rocket.Chat to the previously created bucket.

Save the contents of the “Access key ID” section to a safe place.

Press the “Show” button to display the contents of the “Secret access key” section and save the contents of the section to a safe place.

Click on the “Close” button.

The new user will appear in the “Users” section.

Now you need to find the code for the region in which the bucket was created.

Follow the link https://docs.aws.amazon.com/general/latest/gr/rande.html and find the row whose “Region Name” column corresponds to the region in which the bucket was created. The region code is the value in the “Region” column of that row.

In this manual, the bucket was created in the region “EU (Frankfurt)”, so the required value of the region code will be “eu-central-1”.

Now you need to specify the parameters for connecting Rocket.Chat to the previously created bucket.

Log in to Rocket.Chat with an account that has administrator rights, click on the three-dots icon in the upper left corner of the screen and select “Administration”.

Next, find the “File Upload” section.

The “File Uploads Enabled” parameter must be set to “True”.

The “Protect Uploaded Files” parameter should be set to “True”.

The “Enable Json Web Tokens protection to file uploads” parameter must be set to “True”.

In the “Storage Type” field, select “AmazonS3”.

The “File Uploads Enabled in Direct Messages” parameter must be set to “True”.

Click on the “Save Changes” button.

Next, you need to specify the parameters in the subsection “Amazon S3”.

In the “Bucket name” field specify the name of the previously created bucket.

In the field “Access Key” specify “Access key ID”, obtained earlier after creating the user.

In the field “Secret Key” specify “Secret access key”, obtained earlier after creating the user.

In the “Region” field specify the code of the bucket region, obtained earlier at https://docs.aws.amazon.com/general/latest/gr/rande.html

The “Proxy Avatars” parameter must be set to “True”.

The “Proxy Uploads” parameter must be set to “True”.

Click on the “Save Changes” button.

Now upload a file from your computer to a shared channel called IT to verify that file upload to Rocket.Chat through the Amazon S3 service works correctly.

Open the channel in Rocket.Chat, then in the lower right corner of the screen click on the plus icon and select “Computer”.

Select the file you want to upload.

The file is ready to upload.

Click on the “Send” button.

The file was successfully uploaded and is available to all participants of the IT channel in Rocket.Chat.

Rocket.Chat users can now share files using Amazon S3.

Author

Hi, I’m Vladimir Mikhalev, but my friends call me Valdemar. I have a lot of experience in the design and maintenance of various information systems. On my website, you will find detailed and clear guides for setting up IT solutions. Dive into the ocean, full of positive and technology! For cooperation: callvaldemar@gmail.com
