How to configure BucketBridge.


All BucketBridge configuration is performed via the AWS Systems Manager Parameter Store. All configuration must be encrypted using KMS. If you started BucketBridge via our provided quickstart CloudFormation template a KMS key has been created for this purpose.

Adding Users

Visit the Systems Manager Parameter Store page in the AWS console, and ensure that the region you launched the CloudFormation template in is selected in the upper-right corner.

You must prefix the username you are creating with /bucketbridge/user/, where bucketbridge is the name of the CloudFormation stack you created earlier. Ensure that Type is set to SecureString, and that you have selected the KMS key created by the CloudFormation template. BucketBridge does not have access to use other KMS keys, and will not be able to encrypt the data if an alternate key is used.

For example, to create a user with the username fred and password agreatpasswordreallythebest for a BucketBridge instance create in a stack named bucketbridge, you would:

  • Enter /bucketbridge/user/fred in the Name box
  • Select SecureString under Type
  • Select KMS key source of My current account
  • Select the KMS key ID you created via the CloudFormation template
  • Enter agreatpasswordreallythebest in the Value box
  • Click Create Parameter

Resetting user password

To reset a user’s password, select the user from the parameter list and then Edit. Enter the new password in the Value box, and click Save Changes.

Removing users

To delete a user, select the user from the parameter list and then Delete. Note that existing FTP sessions will not be disconnected on deletion.

Advanced: Adding multiple users

If you have many users to create, you may wish to do this using AWS tools for Powershell or via the AWS CLI.

As above, you need to ensure all users created are done so with the string /bucketbridge/user/ at the start.

Advanced: Using BucketBridge with multiple S3 Buckets

A single BucketBridge instance can be used with multiple S3 buckets. To do this, you must create the S3 buckets separately, and ensure that the BucketBridge role has appropriate permissions to access these buckets. To set the S3 Bucket to be used for a given user, add a KMS encrypted parameter of the name /bucketbridge/bucket/fred, where bucketbridge is the name of the CloudFormation stack, and fred is the name of the user. The Value for the parameter should be set to the name of the bucket you wish the user to access.