
Configuring an AWS S3 Bucket for Queryloop

Queryloop offers the option to store your data in your own AWS S3 bucket, giving you full control over your data storage while still leveraging the platform's powerful capabilities. This guide walks you through the process of creating and configuring a properly structured S3 bucket with the necessary permissions.

S3 Bucket Naming Convention

When creating an S3 bucket for use with Queryloop, follow these important naming guidelines:

  1. Global Uniqueness Required: S3 bucket names must be unique across the entire AWS ecosystem, not just within your account.

  2. Queryloop Naming Pattern: Use the following format for optimal organization:

    queryloop-storage-[your-organization-name]

    For example: queryloop-storage-acmecorp or queryloop-storage-financialteam

  3. Naming Requirements:

    • Use only lowercase letters, numbers, and hyphens
    • Start and end with a letter or number
    • 3-63 characters in length
    • Cannot be formatted as an IP address

Step-by-Step S3 Bucket Configuration

Step 1: Create Your S3 Bucket

  1. Log in to your AWS Management Console
  2. Navigate to the S3 service
  3. Click "Create bucket"
  4. Enter a name following the convention: queryloop-storage-[your-organization-name]
  5. Select your preferred region (note this region for future reference)
  6. Configure bucket settings:
    • Block all public access (recommended)
    • Enable bucket versioning (recommended for data protection)
    • Configure default encryption (recommended for security)
  7. Click "Create bucket"
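
The three Step 1 settings can be re-checked after creation. This is an added example, not Queryloop's code: `audit_bucket_settings` and `fetch_settings` are hypothetical names, and the sample dictionaries are constructed in the shape boto3 returns for `get_public_access_block`, `get_bucket_versioning` and `get_bucket_encryption`.

```python
PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
SSE_ALGORITHMS = {"AES256": "SSE-S3", "aws:kms": "SSE-KMS", "aws:kms:dsse": "DSSE-KMS"}

def audit_bucket_settings(public_access_block, versioning, encryption):
    """Return findings for the three Step 1 settings; an empty list means all are on.

    Each argument is the dict returned by the matching S3 Get* call, or None
    when the bucket has no such configuration.
    """
    findings = []
    pab = (public_access_block or {}).get("PublicAccessBlockConfiguration", {})
    for flag in PAB_FLAGS:
        if pab.get(flag) is not True:
            findings.append(f"public access: {flag} is off")
    # "Status" is absent until versioning is first enabled, then Enabled or Suspended.
    status = (versioning or {}).get("Status", "never enabled")
    if status != "Enabled":
        findings.append(f"versioning: {status}")
    rules = (encryption or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algorithms = [r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules]
    if not any(a in SSE_ALGORITHMS for a in algorithms):
        findings.append("encryption: no default SSE rule")
    return findings

def fetch_settings(bucket):
    """Read the live settings with boto3 (needs credentials; unused in the sample run)."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    def call(api):
        try:
            return api(Bucket=bucket)
        except ClientError:  # a missing configuration or a denied read both count as unverified
            return None
    return (call(s3.get_public_access_block), call(s3.get_bucket_versioning),
            call(s3.get_bucket_encryption))

# Constructed responses in the shape boto3 returns, so the check runs offline.
GOOD = ({"PublicAccessBlockConfiguration": dict.fromkeys(PAB_FLAGS, True)},
        {"Status": "Enabled"},
        {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}})
WEAK = ({"PublicAccessBlockConfiguration": {**dict.fromkeys(PAB_FLAGS, True), "BlockPublicPolicy": False}},
        {"Status": "Suspended"}, None)

if __name__ == "__main__":
    print(audit_bucket_settings(*GOOD) or "OK")
    print(audit_bucket_settings(*WEAK))
```

Against a live bucket, pass the result of `fetch_settings("queryloop-storage-yourorganizationname")` to `audit_bucket_settings` using credentials that can read the bucket configuration.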

Step 2: Create an IAM Policy for Queryloop Access

Queryloop requires specific permissions to interact with your S3 bucket. You'll need to create an IAM policy that grants these permissions while maintaining security.

  1. Navigate to the IAM service in AWS Console
  2. Go to "Policies" in the left sidebar
  3. Click "Create policy"
  4. Choose the JSON tab and enter the following policy, replacing queryloop-storage-yourorganizationname with your actual bucket name:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "QueryloopS3Access",
          "Effect": "Allow",
          "Action": [
            "s3:PutObject",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:DeleteObject"
          ],
          "Resource": [
            "arn:aws:s3:::queryloop-storage-yourorganizationname",
            "arn:aws:s3:::queryloop-storage-yourorganizationname/*"
          ]
        }
      ]
    }
  5. Click "Next: Tags" (optional: add tags for tracking)
  6. Click "Next: Review"
  7. Name your policy (e.g., "QueryloopS3Policy") and add a description
  8. Click "Create policy"

Step 3: Create an IAM User for Queryloop

Now create a dedicated IAM user that Queryloop will use to access your S3 bucket:

  1. In the IAM service, click on "Users" in the left sidebar
  2. Click "Add users"
  3. Enter a user name (e.g., "queryloop-service")
  4. Select "Access key - Programmatic access"
  5. Click "Next: Permissions"
  6. Select "Attach existing policies directly"
  7. Search for and select the policy you created in Step 2
  8. Click "Next: Tags" (optional: add tags for tracking)
  9. Click "Next: Review"
  10. Review the user details and click "Create user"
  11. IMPORTANT: Download the CSV file or copy the Access Key ID and Secret Access Key shown on the screen. This is the only time AWS will show the Secret Access Key!

Step 4: Configure Queryloop to Use Your S3 Bucket

Once you have created your S3 bucket and IAM user, you need to provide these credentials to Queryloop:

  1. Log in to your Queryloop account
  2. Navigate to the Settings page
  3. In the "External Keys" section, find "AWS S3 Configuration"
  4. Enter the following details:
    • S3 Bucket Name: Your bucket name (e.g., queryloop-storage-yourorganizationname)
    • Access Key ID: The IAM user's access key ID
    • Secret Access Key: The IAM user's secret access key
  5. Click "Save Changes"
  6. Queryloop will verify the credentials by attempting to connect to the bucket

Security Best Practices

To ensure the security of your S3 bucket and data:

  1. Use IAM Policies with Least Privilege: Only grant the permissions that Queryloop absolutely needs.
  2. Enable Bucket Encryption: Use AWS-managed keys (SSE-S3) or your own keys (SSE-KMS) for encryption at rest.
  3. Enable Bucket Versioning: Protect against accidental deletions and provide an audit trail.
  4. Enable Access Logging: Monitor and track all requests made to your S3 bucket.
  5. Regularly Rotate IAM Credentials: Change the IAM user's access keys periodically.
  6. Monitor with CloudTrail: Track API calls to your S3 bucket for security and compliance.
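
To keep the Step 2 policy at least privilege over time, a policy document can be compared against what the guide grants. This is an added example, not Queryloop's code: `audit_policy` is a hypothetical name, the match on resources is deliberately strict (only the bucket ARN and its `/*` object ARN pass), and the over-broad policy is a constructed sample.

```python
import json

# The four actions granted by the guide's Step 2 policy (lowercased for comparison).
EXPECTED_ACTIONS = {"s3:putobject", "s3:getobject", "s3:listbucket", "s3:deleteobject"}

def _as_list(value):
    # IAM accepts a single string wherever it accepts a list.
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json, bucket):
    """Return findings; an empty list means the policy grants no more than the guide's."""
    allowed_arns = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without the list
        statements = [statements]
    for i, stmt in enumerate(statements):
        label = stmt.get("Sid", f"statement {i}")
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{label}: NotAction/NotResource allows everything not listed")
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append(f"{label}: wildcard action {action}")
            elif action.lower() not in EXPECTED_ACTIONS:  # action names are case-insensitive
                findings.append(f"{label}: action {action} is not in the guide's policy")
        for arn in _as_list(stmt.get("Resource")):
            if arn not in allowed_arns:
                findings.append(f"{label}: resource {arn} is not one of the bucket's two ARNs")
    return findings

# Constructed sample inputs: the guide's policy and an over-broad variant.
BUCKET = "queryloop-storage-yourorganizationname"
GUIDE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "QueryloopS3Access", "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"],
    "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"]}]})
BROAD_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "TooBroad", "Effect": "Allow",
    "Action": ["s3:*", "s3:PutBucketPolicy"], "Resource": "*"}]})

if __name__ == "__main__":
    for name, doc in (("guide", GUIDE_POLICY), ("broad", BROAD_POLICY)):
        print(name, audit_policy(doc, BUCKET) or "OK")
```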

Next Steps

After configuring your S3 bucket:

  1. Test the integration by uploading a document in Queryloop
  2. Verify the document appears in your S3 bucket
  3. Set up any additional AWS services like CloudWatch alarms for monitoring

By following these steps, you'll have a properly configured S3 bucket that securely integrates with Queryloop while maintaining full control over your data storage.