Extension:AWS

When images are in S3:

1. Amazon EC2 instance which runs MediaWiki doesn't contain any important data^[1] and can be created/destroyed by Autoscaling.
2. Visitors download images directly from Amazon S3^[2] (which is fast), not from Amazon EC2 (where network performance depends on instance type, etc.).

Alternatives

Instead of using Amazon S3 (and this extension), you can create an Amazon EFS drive and mount it to $wgUploadDirectory . It's recommended for small wikis.

For modern versions of MediaWiki (1.35+), use the following instructions:

1. Download the extension:

   git clone --depth 1 https://github.com/edwardspec/mediawiki-aws-s3.git AWS

2. Move the AWS directory to the "extensions" directory of your MediaWiki, e.g., /var/www/html/w/extensions (assuming MediaWiki is in /var/www/html/w).
3. Create the file /var/www/html/w/composer.local.json with the following contents:

   {
   	"extra": {
   		"merge-plugin": {
   			"include": [
   				"extensions/AWS/composer.json"
   			]
   		}
   	}
   }
   

4. Run composer update from /var/www/html/w (to download dependencies). If you don't have Composer installed, see Composer for instructions on installing it.
5. Create an S3 bucket for images, e.g. wonderfulbali234.

   Note: this name will be seen in the URL of images.

6. Authorize MediaWiki to access Amazon S3:
   1. If your EC2 instance has an IAM instance profile (recommended), copy everything from "Needed IAM permissions" (see below) to an inline policy of the IAM role. See https://console.aws.amazon.com/iam/home#/roles
   2. If your EC2 instance doesn't have an IAM profile, obtain a key/secret for AWS API. You'll need to write it in LocalSettings.php (see below).
7. Modify LocalSettings.php (see below).

See https://github.com/edwardspec/mediawiki-aws-s3/blob/master/README.md for more details.

wfLoadExtension( 'AWS' );

// Configure AWS credentials.
// THIS IS NOT NEEDED if your EC2 instance has an IAM instance profile.
$wgAWSCredentials = [
	'key' => '<something>',
	'secret' => '<something>',
	'token' => false
];

$wgAWSRegion = 'us-east-1'; # Northern Virginia

// Replace <something> with the name of your S3 bucket, e.g. wonderfulbali234.
$wgAWSBucketName = "<something>";

// If your AWS account uses hundreds of buckets
// (potentially approaching the limit of 1000 buckets per account),
// it's possible to avoid creating a separate bucket for every wiki
// with the following configuration:
$wgAWSBucketTopSubdirectory = "/$wgDBname"; # leading slash is required

Visit the IAM Management Console - https://console.aws.amazon.com/iam/home - and add "Inline policy" to the IAM role of your Webserver.

The inline policy should contain (within the Statement array, as in this example) the following permissions (replace <something> with the name of your S3 bucket, e.g., wonderfulbali234):

{
        "Effect": "Allow",
        "Action": [
                "s3:*"
        ],
        "Resource": [
                "arn:aws:s3:::<something>/*"
        ]
},
{
        "Effect": "Allow",
        "Action": [
                "s3:Get*",
                "s3:List*"
        ],
        "Resource": [
                "arn:aws:s3:::<something>"
        ]
}

For troubleshooting purposes, you can enable the debug log:

$wgDebugLogGroups['FileOperation'] = '/path/to/some/writable/file.log';

This log records every S3 operation (GetObject, PutObject, etc.), even if it was successful, and the error messages if it failed. This can help you notice some misconfigurations (wrong bucket name, etc.).

The log can be quite large, so it should be disabled when you don't need it anymore.

• https://github.com/edwardspec/mediawiki-aws-s3/issues

• WindowsAzureStorage
• Swift