Amazon S3 Template Parameters

JFrog Installation & Setup Documentation
Content Type
Installation & Setup

The Amazon S3 Official Amazon SDK template supports the following set of parameters.

Parameter

Description

bucketName

Your globally unique bucket name.

Mandatory parameter

path

Default: filestore

The path relative to the bucket where binary files are stored.

endpoint

The cloud storage provider’s URL.

Amazon Endpoints: Supported JFrog Subscriptions

Only official AWS endpoints, such as s3.amazonaws.com, *.amazonaws.com, and*.amazonaws.com.cn are supported in all JFrog subscriptions. Additional endpoints are supported in the JFrog Enterprise/ Enterprise+ subscriptions."

region

The region offered by your cloud storage provider with which you want to work.

Mandatory parameter if the default value is used for endpoint. If a custom value is used for endpoint, region is not necessary.

type

s3-storage-v3

testConnection

Default: true

When set to true, the binary provider uploads and downloads a file when Artifactory starts up to verify that the connection to the cloud storage provider is fully functional.

identity

Your cloud storage provider identity.

credential

Your cloud storage provider authentication credential.

port

The cloud storage providers port.

When a port is not assigned and the useHttp parameter is set to true, the default port will be set to 80. Otherwise, the default port is set as 443. Note that If you have defined a port, the port will take precedence and will be applied regardless of the value set for the useHttp parameter.

rootFoldersNameLength

Default: 2

The number of initial characters in the object's checksum that should be used to name the folder in storage. This can take any value between 0 - 5.0 means that checksum files will be stored at the root of the object store bucket.

For example, if the object's checksum is 8c335149... and rootFoldersNameLength is set to 4, the folder under which the object would be stored would be named 8c33.

proxyIdentity

Corresponding parameters if you are accessing the cloud storage provider through a proxy server.

proxyCredential

proxyPort

proxyHost

nonProxyHost

(Available from Artifactory 7.77.6 self-hosted version.)

useHttp

Default: false

Defines the connection schema. When set to true, you can set a non-secure HTTP connection.

kmsClientSideEncryptionKeyId

(named kmsServerSideEncryptionKeyId prior to Artifactory version 7.31.10)

Default is N/A.

Use KMS Encryption client with the given KMS encryption key ID or alias.

The name, kmsServerSideEncryptionKeyId, is deprecated. But you can continue to use the name without causing any errors.

server-side-encryption-aws-kms

Default is N/A.

If set to true, S3 encrypts artifacts on the server based on the default KMS key. You can also set it with the encryption key ID or alias instead of true.

kmsCryptoMode

Default: EncryptionOnly. This only applies to the s3-storage-v3 template.

Use KMS encryption with one of the following crypto policies:

  • EncryptionOnly

  • AuthenticatedEncryption

  • StrictAuthenticatedEncryption

For more information, see https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/examples-crypto-kms.html.

useInstanceCredentials

Default: false.

Set to true to use the AWS S3 as your default provider chain according to the authentication mechanism.

usePresigning

Default: false.

When set to true, applies to signed URLs for adding, deleting, and getting client methods on s3 objects.

Note

  • usePresigning is not used in AWS SDK v2. If you try to use this parameter with AWS SDK v2, you will receive a warning message that it cannot be used by the current S3 provider.

  • Enabling Presigning restricts the maximum size of objects that are uploaded to under 5GB. For more information, see AWS Documentation.

multiPartLimit

Default: 100,000,000 bytes

For AWS SDK v1: Only relevant when usePresigning is set to false.

For AWS SDK v2: Always relevant.

File size threshold (in bytes) over which file uploads are chunked and multi-threaded.

multipartElementSize

Default:

  • For AWS SDK v1: 5 MB chunk

  • For AWS SDK v2: 8 MB chunk

The chunk size when multiPartLimit is used. If a tag is not set, the default value is applied.

transferManagerThreads

Default: 10.

Applies when usePresigning is set to false

This applies to multipart uploads, configured by the multiPartLimit.

signatureExpirySeconds

Default: 300

Sets the validity period in seconds for signed URLs used internally for uploads and downloads.

maxConnections

Default: 50.

Sets the maximum HTTP client connections for the AWS client

connectionTimeout

Default: none

Sets the connection timeout (in milliseconds) for the AWS client. A value equal to or less than 0 will cause Artifactory to use the clients' default values.

socketTimeout

Default: 50,000.

Sets the socket timeout (in milliseconds) for the AWS client.

enablePathStyleAccess

Default: false

Amazon S3 supports virtual-hosted-style and path-style access in all regions.

The path-style syntax requires that using the region-specific endpoint when attempting to access a bucket. For non-AWS users, this property may need to be set to true. For CEPH storage, set this property to true.

disableChunkedEncoding

Default: false

The default behavior is to enable chunked encoding automatically for PutObjectRequest and UploadPartRequest.

Setting this flag will result in disabling chunked encoding for all requests, which may impact performance.

Using this option is recommended only if your endpoint does not implement chunked uploading.

useDeprecatedBucketExistenceCheck

Default: false

Setting this property to true will force checking bucket existence based on a HEAD request to the bucket. (Deprecated in AWS)

enableSignedUrlRedirect

Enables direct cloud storage download.

signedUrlExpirySeconds

Default: 30 (optional)

Specifies the number of seconds that a signed URL provided to a requesting client for direct download from cloud storage is valid.

Note

Direct download is available for AWS, Azure, and GCP. Direct download for Azure is only available for Self-Hosted environments.

tempDir

A temporary folder into which files are written for internal use by Artifactory. If the value specified starts with a forward slash ("/") the value is considered the full path to the temporary folder. Otherwise, it is considered relative to fileStoreDir under the baseDataDir.

Applicable for direct upload only.

Note

Prior to Artifactory 7.98.2, tempDir was always relative to baseDataDir, and if tempDir had an absolute path in binarystore.xml (for example: /tmp), tempDir was set to $BASEDATADIR/filestore/tmp.

awsSdkV2

Default: false

Enables or disables the AWS SDK v2 integration.

Note

Relevant only to AWS SDK v2.

blockingDataReadThreads

Default: 15

The number of threads in the dedicated pool for adapting Artifactory's blocking I/O to the SDK's non-blocking clients.

Note

Relevant only to AWS SDK v2.

crtTargetThroughputInGbps

Default: 10.0

The target network throughput (in Gbps) for the high-performance CRT client. This helps throttle the client on networks with limited bandwidth.

Note

Relevant only to AWS SDK v2.

connectionAcquisitionTimeout

Default: -1

The connection acquisition timeout for the AWS client in milliseconds. A value equal to or less than 0 causes Artifactory to use the client's default value.

Note

Relevant only to AWS SDK v2.

disableChecksumValidation

Default: false

Disables automatic checksum validation during S3 operations.

Note

  • Give careful consideration before enabling this setting. For more information on the AWS checksum validation mechanism, see the AWS documentation.

  • Relevant only to AWS SDK v2.