In this post we will walk through creating a bucket in Amazon S3, setting up an IAM user, and getting Wagtail to upload and serve all user-uploaded content to/from Amazon S3.
If you use this article in conjunction with Deploying Your Wagtail Site on Heroku, you can have a fully-functioning, web-facing deployment of Wagtail without a penny spent. (Of course you’ll need to move to paid versions once you’re ready to handle some traffic.)
Before we start, I'm making the following assumptions:
Setting up your IAM User
You can link up your Wagtail site with root access to your S3 account; however, Amazon advises against it. The recommended route is to use an IAM user. This keeps access limited to specific features, reducing security risks. It also makes it easy to pass off bucket access to someone else in the event that another person takes over your project. Setting up an IAM user will very likely save you from headaches down the road.
First, we’ll navigate to the IAM Management Console and create a user. When you reach step 4, “Complete”, you will see your access key and your secret access key starred out. Go ahead and download the .csv at this point and put it somewhere you'll remember. You won’t be able to get access to the secret key in the future and will be forced to create new access credentials if you don't hang on to them.
Setting up your S3 Bucket
Unless you know what you’re doing, keep the region that Amazon provides by default when you create your bucket. Changing the region of your bucket will require additional setup procedures that are not covered in this article.
Once your bucket is created, select the “Properties” button, then click the “Permissions” dropdown. Open “Edit bucket policy” and enter the policy below:
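An added example, not the policy or code from the original post: a Python sketch that builds a bucket policy granting one IAM user access to one bucket, then audits any policy for wildcard principals or actions before you paste it into the console. The account ID, user name, bucket name and the chosen action list are assumptions; substitute your own.

```python
import json

# Constructed placeholders: substitute your own account ID, user and bucket.
USER_ARN = "arn:aws:iam::123456789012:user/wagtail-uploads"
BUCKET = "example-wagtail-media"

# Assumed minimal action set for uploading, reading and deleting media.
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation"]


def build_bucket_policy(user_arn, bucket):
    """Bucket policy that lets exactly one IAM user manage objects in one bucket."""
    principal = {"AWS": user_arn}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListBucket", "Effect": "Allow", "Principal": principal,
             "Action": BUCKET_ACTIONS, "Resource": f"arn:aws:s3:::{bucket}"},
            {"Sid": "ManageObjects", "Effect": "Allow", "Principal": principal,
             "Action": OBJECT_ACTIONS, "Resource": f"arn:aws:s3:::{bucket}/*"},
        ],
    }


def _as_list(value):
    # Policy fields may hold either a single value or a list of values.
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return findings for Allow statements with a wildcard principal or action."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        if principal == "*" or "*" in aws:
            findings.append(f"{sid}: wildcard principal")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
    return findings


if __name__ == "__main__":
    policy = build_bucket_policy(USER_ARN, BUCKET)
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy) or "no over-broad grants found")
```

The audit flags a wildcard principal even when it is intentional, so that any public grant on the bucket is a reviewed decision rather than a default.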