-
Notifications
You must be signed in to change notification settings - Fork 4
Use S3 for Contact Us data
S3 is used to store the "Contact Us" query entered by users of the Flask website. The website saves the query as a JSON file in S3. They can then be viewed inside S3 and manually acted upon.
S3 is a file storage solution so perfect for storing data like JSON files.
In order to use S3, we need to:
- create a bucket to store the JSON files
- ensure the Elastic Beanstalk environment has access to the bucket to write the JSON files
- secure the bucket so only authorised users can read the JSON files
The AWS CLI will continue to be used to create and configure the S3 resources.
A bucket is required to store the JSON files. This can be easily created via the command line. We will call our bucket flask-template-contact-us
aws s3 mb s3://flask-template-contact-us
To see details about this bucket, enter
aws s3 ls
This will show all of your S3 buckets. It will show this newly created one and also the one that Elastic Beanstalk uses to deploy changes to the Flask application.
For the contents of this new bucket, enter
aws s3 ls s3://flask-template-contact-us
nothing is returned as it is empty
Now we need to set permissions so that Elastic Beanstalk can write to this bucket.
Elastic Beanstalk uses a role when it runs the environment hosting the Flask application. You can see the name of this role when you execute
eb config
You will see a line with IamInstanceProfile: aws-elasticbeanstalk-ec2-role. This is the role that is used.
We need to allow this role to access the s3 bucket we created earlier. We only need to grant write access (Put access).
To achieve this, create a JSON file in the directory where you are entering the various commands. Call this JSON file contact-us-policy.json and enter the following text:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:PutObject",
"Resource": [
"arn:aws:s3:::flask-template-contact-us/*",
"arn:aws:s3:::flask-template-contact-us"
]
}
]
}The above JSON specifies a role policy that enables write access to the S3 bucket.
Now we need to attach this role policy to the elastic beanstalk role. Execute the following command.
aws iam put-role-policy --role-name aws-elasticbeanstalk-ec2-role --policy-name ContactUsBucket --policy-document file://contact-us-policy.json
To check it's been attached, enter the below. You will see the policy listed.
aws iam get-role-policy --role-name aws-elasticbeanstalk-ec2-role --policy-name ContactUsBucket
Now we need to update the Elastic Beanstalk environment variables to use this bucket. Enter:
eb setenv CONTACT_US_FORMAT=s3 S3_BUCKET=flask-template-contact-us
This will set the environment variables and restart the environment.
Once the environment is re-started, go to your website and enter in some data into the Contact Us form and Submit it.
Remember, eb open launches a browser and shows your website.
Now take a look into the bucket:
aws s3 ls s3://flask-template-contact-usYou will see a single JSON file. This contains the details entered in the Contact Us form.
To download this file locally in order to view it, enter the below and replace <NAME OF FILE> with the JSON filename output by the previous command:
aws s3api get-object --bucket flask-template-contact-us --key <NAME OF FILE> my_contact_us
more my_contact_us
You will see the details entered on the contact_us form.
By default, whilst the bucket is public, all objects within the bucket are private and not accessible to all. The objects are only accessible to authorized AWS users and groups. This can be further customised via the AWS CLI or via the s3 management console.
Well done ! Your Flask application is now writing Contact Us enquiries to S3. Now your userbase can easily get in touch with you.