--- title: "AWS S3 | DreamFactory Docs" source: "https://docs.dreamfactory.com/api-generation-and-connections/api-types/file-services/aws-s3" canonical_url: "https://docs.dreamfactory.com/api-generation-and-connections/api-types/file-services/aws-s3" converted_at: "2026-04-05T14:01:09.388Z" format: "markdown" converted_by: "html-to-md-ai" --- DreamFactory's AWS S3 connector provides a REST-based interface for interacting with S3 objects and buckets. Supporting all standard CRUD operations, you can easily manage your S3 data through a unified API. Because the S3 API is native to DreamFactory, you can integrate S3 actions alongside other API-driven tasks: - Upload a newly registered user avatar to S3 while inserting registration data into a database - Email a website visitor a link to a product PDF after writing their email to your CRM - Create new S3 buckets as part of a DevOps workflow - Apply DreamFactory's role-based access controls, rate limiting, and audit logging --- ## Use Cases[​](#use-cases) - **Application file storage**: User uploads, media assets, documents - **Static asset hosting**: Images, CSS, JavaScript for web applications - **Data lake integration**: Store and retrieve data files for analytics - **Backup storage**: Archive files from other systems - **Multi-tenant file isolation**: Per-customer folders with RBAC --- ## Prerequisites[​](#prerequisites) Before configuring the S3 connector, you need: 1. **AWS Account** with S3 access 2. **S3 Bucket** created in your desired region 3. **IAM User or Role** with S3 permissions 4. **Access Key ID and Secret Access Key** for the IAM user ### Minimum IAM Policy[​](#minimum-iam-policy) Create an IAM policy with these permissions: ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::your-bucket-name", "arn:aws:s3:::your-bucket-name/*" ] } ]} ``` --- ## Creating an AWS S3 Service[​](#creating-an-aws-s3-service) ### Step 1: Navigate to API Generation[​](#step-1-navigate-to-api-generation) Log in to your DreamFactory instance using an administrator account and select the **API Generation & Connections** tab. Set your API Type to **File**. ### Step 2: Create New Service[​](#step-2-create-new-service) Click the purple plus button to create a new file service, then search for and select **AWS S3**. ### Step 3: Configure Service Details[​](#step-3-configure-service-details) FieldDescriptionExampleNameService name (lowercase, alphanumeric, used in API URL)`s3files`LabelDisplay name in admin console`AWS S3 Storage`DescriptionService description`Production file storage on S3` ### Step 4: Configure AWS Credentials[​](#step-4-configure-aws-credentials) Scroll to the **Config** section and enter your AWS credentials: FieldRequiredDescriptionAccess Key IDYesAWS IAM access keySecret Access KeyYesAWS IAM secret keyRegionYesAWS region (e.g., `us-east-1`, `eu-west-1`)BucketYesS3 bucket nameContainerNoSubdirectory within bucket to use as root ### Step 5: Save and Test[​](#step-5-save-and-test) Click **Save** to create the service. Navigate to **API Docs** to view the generated endpoints and test operations. --- ## Configuration Options[​](#configuration-options) ### Required Settings[​](#required-settings) FieldTypeDescription`key`stringAWS Access Key ID`secret`stringAWS Secret Access Key`region`stringAWS region code`bucket`stringS3 bucket name ### Optional Settings[​](#optional-settings) FieldTypeDefaultDescription`container`string-Subdirectory prefix for all operations`endpoint`string-Custom S3-compatible endpoint URL`use_path_style_endpoint`booleanfalseUse path-style URLs (required for MinIO, LocalStack)`cache_enabled`booleanfalseEnable response caching`cache_ttl`integer0Cache time-to-live in seconds ### S3-Compatible Storage[​](#s3-compatible-storage) DreamFactory's S3 connector works with S3-compatible services by setting a custom endpoint: ServiceEndpoint ExampleMinIO`http://minio.example.com:9000`DigitalOcean Spaces`https://nyc3.digitaloceanspaces.com`Backblaze B2`https://s3.us-west-002.backblazeb2.com`Wasabi`https://s3.wasabisys.com` Set `use_path_style_endpoint` to `true` for MinIO and similar services. --- ## API Endpoints[​](#api-endpoints) MethodEndpointDescription`GET``/api/v2/{service_name}/`List bucket root`GET``/api/v2/{service_name}/{path}/`List folder contents`GET``/api/v2/{service_name}/{path}`Download file`POST``/api/v2/{service_name}/`Create folder or upload file`POST``/api/v2/{service_name}/{path}/`Create subfolder or upload file`PUT``/api/v2/{service_name}/{path}`Replace file contents`DELETE``/api/v2/{service_name}/{path}`Delete file or folder --- ## API Examples[​](#api-examples) ### List Bucket Contents[​](#list-bucket-contents) ``` curl -X GET "https://example.com/api/v2/s3files/" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" ``` **Response:** ``` { "resource": [ { "path": "images/", "type": "folder", "name": "images", "last_modified": "2026-02-10T14:30:00Z" }, { "path": "document.pdf", "type": "file", "name": "document.pdf", "content_type": "application/pdf", "content_length": 102400, "last_modified": "2026-02-09T10:15:00Z" } ]} ``` ### Upload a File[​](#upload-a-file) ``` curl -X POST "https://example.com/api/v2/s3files/uploads/report.pdf" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" \ -H "Content-Type: application/pdf" \ --data-binary @report.pdf ``` **Response:** ``` { "name": "report.pdf", "path": "uploads/report.pdf", "content_type": "application/pdf", "content_length": 102400} ``` ### Download a File[​](#download-a-file) ``` curl -X GET "https://example.com/api/v2/s3files/uploads/report.pdf" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" \ -o report.pdf ``` ### Create a Folder[​](#create-a-folder) S3 doesn't have true folders, but DreamFactory creates a placeholder object: ``` curl -X POST "https://example.com/api/v2/s3files/" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" \ -H "X-Folder-Name: documents" ``` ### Delete a File[​](#delete-a-file) ``` curl -X DELETE "https://example.com/api/v2/s3files/uploads/old-report.pdf" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" ``` ### Delete a Folder[​](#delete-a-folder) Delete all objects with a prefix: ``` curl -X DELETE "https://example.com/api/v2/s3files/old-folder/?force=true" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" ``` ### Get File Metadata[​](#get-file-metadata) ``` curl -X GET "https://example.com/api/v2/s3files/uploads/report.pdf?include_properties=true" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" ``` **Response:** ``` { "path": "uploads/report.pdf", "name": "report.pdf", "type": "file", "content_type": "application/pdf", "content_length": 102400, "last_modified": "2026-02-10T15:45:00Z"} ``` --- ## Pre-Signed URLs[​](#pre-signed-urls) For large file uploads or direct client-to-S3 access, use pre-signed URLs: ``` curl -X GET "https://example.com/api/v2/s3files/uploads/large-file.zip?url=true&expires=3600" \ -H "X-DreamFactory-API-Key: YOUR_API_KEY" ``` **Response:** ``` { "url": "https://bucket.s3.amazonaws.com/uploads/large-file.zip?X-Amz-Algorithm=..."} ``` The `expires` parameter sets the URL validity in seconds (default: 3600). --- ## File Upload Limits[​](#file-upload-limits) Upload size limits are controlled by your web server, PHP configuration, and S3: ### Server Configuration[​](#server-configuration) See [Local File Storage - File Upload Limits](/api-generation-and-connections/api-types/file-services/local-file-storage#file-upload-limits) for Nginx and PHP settings. ### S3 Limits[​](#s3-limits) LimitValueMaximum object size5 TBMaximum single PUT5 GBMultipart upload threshold100 MB (recommended) For files larger than 100 MB, consider using pre-signed URLs for direct upload. --- ## Common Errors[​](#common-errors) Error CodeMessageCauseSolution400Bad RequestInvalid parametersCheck path and request format401UnauthorizedInvalid API keyVerify DreamFactory API key403Access DeniedAWS permissions issueCheck IAM policy and bucket policy404Not FoundObject does not existVerify the S3 key exists409ConflictObject already existsUse PUT to overwrite413Payload Too LargeFile exceeds limitsIncrease server limits or use pre-signed URL503Service UnavailableS3 unreachableCheck network connectivity and AWS status ### Troubleshooting AWS Errors[​](#troubleshooting-aws-errors) **Access Denied (403)**: 1. Verify IAM user has correct permissions 2. Check bucket policy allows access 3. Confirm region matches bucket location 4. Verify Access Key ID and Secret are correct **Bucket Not Found**: 1. Confirm bucket name spelling 2. Verify bucket exists in specified region 3. Check bucket hasn't been deleted --- ## Security Best Practices[​](#security-best-practices) ### IAM Configuration[​](#iam-configuration) 1. **Use dedicated IAM user** for DreamFactory 2. **Minimal permissions** - only grant required actions 3. **Restrict to specific bucket** - don't use wildcard resources 4. **Rotate credentials** regularly ### Bucket Configuration[​](#bucket-configuration) 1. **Block public access** unless specifically required 2. **Enable versioning** for critical data 3. **Enable server-side encryption** (SSE-S3 or SSE-KMS) 4. **Enable access logging** for audit trails ### DreamFactory RBAC[​](#dreamfactory-rbac) Layer DreamFactory's RBAC on top of AWS permissions: ScenarioConfigurationRead-only accessAllow GET onlyUpload-onlyAllow POST to specific pathsUser isolationUse filters to restrict by user ID folder --- ## Cost Optimization[​](#cost-optimization) ### Request Pricing[​](#request-pricing) S3 charges per request. Optimize by: - Enabling caching in DreamFactory - Batching operations where possible - Using LIST sparingly (costs more than GET) ### Data Transfer[​](#data-transfer) - **Within region**: Free between S3 and EC2 - **Internet egress**: Charged per GB - **CloudFront**: Can reduce costs for high-traffic reads --- ## Next Steps[​](#next-steps) - **[File Services Overview](/api-generation-and-connections/api-types/file-services/file-services-overview)**: Compare all file storage options - **[Local File Storage](/api-generation-and-connections/api-types/file-services/local-file-storage)**: Store files on the server - **[Role-Based Access Control](/api-security/rbac)**: Configure fine-grained permissions