DocumentationRecipesReferenceGraphQLChangelog
Log In

Creating an Amazon Web Storage integration

To use remote files in projects, you must first create an integration. Then in each one of your projects, you can define a connector between the integration and the project.

📘

Only organization admins can manage remote integrations.

  1. In Kili, click on your name in the top-right corner of the Kili app interface, and then go to Organization Management > Integrations.
  2. Click New.
  3. Select S3.
  4. Click on the ID generated under Role external id. The ID gets copied to your clipboard. You will use it as <YOUR EXTERNAL ID> in the next steps.

  1. In AWS, define an access point for your bucket. Refer to Creating access points .

🚧

Enable Internet access but block public access.

  1. Create an IAM policy to give rights on the access point and the bucket. Refer to this example json file with a policy summary for a bucket named kili-dev-s3-bucket with an access point named dev-access-point whose ARN is arn:aws:s3:eu-west-3:999888496268:accesspoint/dev-access-point:
 {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": [
                "arn:aws:s3:::kili-dev-s3-bucket/*",
                "arn:aws:s3:eu-west-3:999888496268:accesspoint/dev-access-point/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": [
                "arn:aws:s3:::kili-dev-s3-bucket",
                "arn:aws:s3:eu-west-3:999888496268:accesspoint/dev-access-point"
            ]
        }
    ]
}
  1. Create a role that uses the IAM policy created in Step 6. Make sure to select AWS account as entity type and tick the Require external ID checkbox.

The selected trusted entities should look like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal": {
                "AWS": "999888496268"
            },
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "<YOUR EXTERNAL ID>"
                }
            }
        }
    ]
}
  1. Go back to your AWS S3 Bucket, and in Permissions set the CORS. This way, Kili front-end will be able to fetch files. Here is the policy to add:
 [  
    {  
        "AllowedHeaders": [  
            "*"  
        ],  
        "AllowedMethods": [  
            "GET"  
        ],  
        "AllowedOrigins": [  
            "<https://cloud.kili-technology.com>"  
        ],  
        "ExposeHeaders": []  
    }  
]
  1. Fill in the following:
  1. Name: name of the integration that you are creating
  2. Role ARN. This is the ARN of the role that you created. Example: arn:aws:iam::999888496268:role/S3-kili-test-bucket-image-access-role
  3. Access point ARN. This is the ARN of the access point of your bucket. Example: arn:aws:s3:us-east-1:999888496268:accesspoint/kili-test-bucket-image-ap
  1. Tick the I authorize Kili Technology to process my files on its servers to enable features that require such processing checkbox.

👍

You are now ready to synchronize data with a project.

🚧

There should be no more than 1000 folders in the same directory. If you have more, Kili won't be able to list them all.