Despite the fact that Amazon S3 is an excellent storage for static data for our application, many find it quite difficult to configure and customize it. So let's walk step by step through the actions that need to be taken to properly and safely work with the data storage.

AWS setup

Let's create and configure everything we need to work with Amazon S3.

Step 1: Create S3 bucket

You can skip this step, if you already has a bucket you need.

This is the easiest part. Log into AWS Management Console and navigate to S3.

S3 location in AWS navigation bar

Press "Create bucket" button. Set bucket name, that must be unique across all existing bucket names in Amazon S3, and region where it should be located. You can choose any region, but then you’ll need to use the corresponding region ID in the config file. Amazon keeps a list of region names here. Then set properties and permissions.

Create new AWS bucket

Step 2: Create IAM Policy

Navigate to IAM and create new policy from Policy tab.

IAM location in AWS navigation bar

Create new policy

Select JSON tab to insert the following configuration:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
            "Resource": "arn:aws:s3:::bucket-name"
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
            "Resource": "arn:aws:s3:::bucket-name/*"
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"

Note that you must change the name of your S3 bucket in the Resource key.

Then you can return back to Visual editor tab to check if there is no errors or warnings. If everything is fine, press Review policy button.

AWS permissions setup with visual editor

Insert unique policy name and optionally some descriptive description, that can be helpful, if you have a lot of custom policies.

Review policy and saving with descriptive name

Step 3: Create IAM user

In IAM select tab User and press button Add user.

Add new IAM user

Make sure the Programmatic Access is ticked, so the system generates a Key and Secret.

Select AWS IAM access type

Then we need to assign permissions to our user. AWS offers a few template policies we’ll completely ignore, since they grant far too much access. We need our user to only be able to access the specific bucket we created. For that, we’ll opt to attach existing policies directly and search for policy we created before. In case you missed that step, you can create during this process by clicking Create policy. This will open new tab in browser to create new policy.

Attach existing AWS policy directly

Select policy from list by ticking the checkbox and proceed next, clicking Next: Review, and then Create user. It’ll give you the Access key ID and Secret access key like so:

Access key ID and Secret access key

The Access Key ID (key) and Secret access key (secret) will be plugged into the config file.

Configure Laravel

We need to edit our AWS_* environment variables from .env, that will be used by configuration file config/filesystems.php.

AWS environment variables

Setup AWS storage Laravel config

Note: Make sure that composer.json dependencies require "league/flysystem-aws-s3-v3": "~1.0" package.

And done! The filesystem is now configured. Let's test it with Tinker console tool.

Testing storage using tinker tool

Perfect! Now your S3 storage properly configured and you can use it!

TL;DR: Conclusion

On the AWS side, you need a few things:

  • An S3 bucket
  • An IAM user
  • An IAM policy attached to that user to let it use the bucket
  • The AWS Key and Secret belonging to the IAM user