Extension:AWS

From mediawiki.org
Jump to navigation Jump to search
MediaWiki extensions manual
OOjs UI icon advanced.svg
AWS
Release status: stable
Implementation File repository
Description Stores MediaWiki images in Amazon S3
Author(s) Edward Chernenko
Latest version 0.11.0 (2020-03-26)
Compatibility policy master
MediaWiki 1.27+
PHP 5.6+
Database changes No
Composer edwardspec/mediawiki-aws-s3
License GNU General Public License 2.0 or later
Download
  • $wgAWSCredentials
  • $wgAWSRegion
  • $wgAWSBucketName
  • $wgAWSBucketDomain
  • $wgAWSRepoHashLevels
  • $wgAWSRepoDeletedHashLevels
Check usage and version matrix.

AWS extension allows MediaWiki to use Amazon S3 (instead of the local directory) to store images.

Why is this needed[edit]

When images are in S3:

  1. Amazon EC2 instance which runs MediaWiki doesn't contain any important data[1] and can be created/destroyed by Autoscaling.
  2. Visitors download images directly from Amazon S3[2] (which is fast), not from Amazon EC2 (where network performance depends on instance type, etc.).

Alternatives[edit]

Instead of using Amazon S3 (and this extension), you can create an Amazon EFS drive and mount it to $wgUploadDirectory. It's recommended for small wikis.

Installation[edit]

  1. Download the extension:
    git clone --depth 1 https://github.com/edwardspec/mediawiki-aws-s3.git AWS
  2. Move the AWS directory to the "extensions" directory of your MediaWiki, e.g. /var/www/html/w/extensions (assuming MediaWiki is in /var/www/html/w).
  3. Run composer install from /var/www/html/w/extensions/AWS (to download dependencies). If you don't have Composer installed, see Composer for how to install it.
  4. Create an S3 bucket for images, e.g. wonderfulbali234.
    Note: this name will be seen in URL of images.
  5. Authorize MediaWiki to access Amazon S3:
    1. If your EC2 instance has an IAM instance profile (recommended), copy everything from "Needed IAM permissions" (see below) to inline policy of the IAM role. See https://console.aws.amazon.com/iam/home#/roles
    2. If your EC2 instance doesn't have an IAM profile, obtain key/secret for AWS API. You'll need to write it in LocalSettings.php (see below).
  6. Modify LocalSettings.php (see below).

See https://github.com/edwardspec/mediawiki-aws-s3/blob/master/README.md for more details.

Configuration[edit]

Step 1: configure LocalSettings.php[edit]

wfLoadExtension( 'AWS' );

// Configure AWS credentials.
// THIS IS NOT NEEDED if your EC2 instance has an IAM instance profile.
$wgAWSCredentials = [
	'key' => '<something>',
	'secret' => '<something>',
	'token' => false
];

$wgAWSRegion = 'us-east-1'; # Northern Virginia

// Replace <something> with the name of your S3 bucket, e.g. wonderfulbali234.
$wgAWSBucketName = "<something>";

Step 2: needed IAM permissions[edit]

Visit the IAM Management Console - https://console.aws.amazon.com/iam/home - and add "Inline policy" to the IAM role of your Webserver.

Inline policy should contain[3] the following permissions (replace <something> with the name of your S3 bucket, e.g. wonderfulbali234):

{
        "Effect": "Allow",
        "Action": [
                "s3:*"
        ],
        "Resource": [
                "arn:aws:s3:::<something>/*"
        ]
},
{
        "Effect": "Allow",
        "Action": [
                "s3:Get*",
                "s3:List*"
        ],
        "Resource": [
                "arn:aws:s3:::<something>"
        ]
}

See also[edit]

Footnotes[edit]

  1. Assuming the database (e.g. MySQL) is also not on this server, e.g. in Amazon RDS.
  2. Except in private wikis. For them images are served via img_auth.php . Presigned URLs are not (yet?) supported.
  3. Within the Statement array, as in this example.