Go to website
Articles Categories

Connect Amazon S3

Amazon S3 is one of the most widely used object storage services in the world. This guide walks you through connecting your S3 bucket to HeftySend.

Custom storage requires a Premium or Ultra plan. See Using your own storage with HeftySend for an overview.

Step 1: Create your S3 bucket

  • Go to your AWS S3 Console
  • Click "Create bucket"
  • Enter a unique bucket name (for example, my-heftysend-files)
  • Select an AWS region close to your users
  • Keep "Block all public access" enabled
  • Click "Create bucket"

Step 2: Set up CORS configuration

  • Click on your bucket name to open it
  • Go to the "Permissions" tab
  • Scroll down to "Cross-origin resource sharing (CORS)"
  • Click "Edit" and paste this configuration:
[
  {
    "AllowedHeaders": ["*"],
    "AllowedMethods": ["GET", "PUT", "POST", "DELETE", "HEAD"],
    "AllowedOrigins": ["*"],
    "ExposeHeaders": ["ETag"],
    "MaxAgeSeconds": 3000
  }
]
  • Click "Save changes"

CORS must be configured on the bucket itself or uploads will fail. Wait a couple of minutes after saving for the settings to propagate.

Step 3: Create an IAM user and access keys

  • Go to the IAM Console
  • Click "Users" then "Create user"
  • Enter a username (for example, heftysend-s3-access)
  • Click "Next"
  • Select "Attach policies directly"
  • Click "Create policy" to create a custom policy

Step 4: Create a custom IAM policy

  • In the policy editor, select the "JSON" tab
  • Replace the content with this policy, updating YOUR-BUCKET-NAME with your actual bucket name:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:GetBucketLocation",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR-BUCKET-NAME",
        "arn:aws:s3:::YOUR-BUCKET-NAME/*"
      ]
    }
  ]
}
  • Click "Next" and give the policy a name (for example, HeftySendS3Access)
  • Click "Create policy"

Step 5: Attach the policy and create access keys

  • Go back to the user creation page and refresh the policy list
  • Search for your new policy, select it and click "Next"
  • Click "Create user"
  • Open the user details and go to "Security credentials"
  • Click "Create access key"
  • Select "Application running outside AWS"
  • Click "Next" then "Create access key"

Save both the Access Key ID and Secret Access Key now. The secret is only shown once and cannot be retrieved later.

Step 6: Connect to HeftySend

  1. Go to Settings > Storage in your HeftySend dashboard
  2. Click "Configure S3 Storage"
  3. Enter your endpoint URL: https://s3.[REGION].amazonaws.com (replace [REGION] with your bucket's region, for example us-east-1)
  4. Enter your Access Key ID and Secret Access Key
  5. Enter your bucket name
  6. Select your region from the dropdown
  7. Click "Test Connection" then "Save"

Common AWS regions

Region code Location
us-east-1 US East (N. Virginia)
us-west-2 US West (Oregon)
eu-west-1 Europe (Ireland)
eu-central-1 Europe (Frankfurt)
ap-southeast-1 Asia Pacific (Singapore)
ap-northeast-1 Asia Pacific (Tokyo)

For the full list see the AWS S3 endpoints documentation.

Troubleshooting

If you see an access denied error, verify the IAM policy has the correct bucket name and that both the bucket ARN and bucket/* ARN are included. If you see CORS errors, make sure CORS is configured on the bucket (not the IAM user) and wait a few minutes after updating.

Last updated on March 10, 2026