By default, all OpenWater customers receive storage in our Amazon S3 Account, hosted in US-EAST-1 region (Virginia). OpenWater's storage is encrypted at rest and in transit and is covered by our SOC2 audit.

Customer may opt to store files in their own region for a variety of reasons:

  • OpenWater includes 1 TB of storage, and charges for additional storage. Some organizations such as Fortune 500, Hospitals, and Universities are able to negotiate discounts with their storage provider at a lower cost than OpenWater can provide.

  • Customers may not want to store data in US-EAST-1 (Virginia)

  • Customers may not want to adhere to OpenWater's data retention and backup policy (data is retained for 365 days after it is deleted)

Configuration

  1. When logged in as a System Administrator with the Manage System permission, go to System Settings > System Features

2. Enable Custom Media File Storage

3. Depending on the provider you will have to take certain steps, please see the appropriate section below.


Settings for Amazon S3 Storage

For Amazon S3, use IAM to create an API access account. Then attach a custom policy. Replace your-bucket-name with the name of your bucket.

{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": "s3:*",
"Resource": "arn:aws:s3:::your-bucket-name/*"
}
]
}

After that go to the bucket you created,

[
{
"AllowedOrigins": ["*"],
"AllowedMethods": ["GET", "PUT", "POST"],
"MaxAgeSeconds": 3000,
"AllowedHeaders": [
"Authorization",
"x-amz-date",
"x-amz-content-sha256",
"content-type"
],
"ExposeHeaders": ["ETag"]
},
{
"AllowedOrigins": ["*"],
"AllowedMethods": ["GET"],
"MaxAgeSeconds": 3000
}
]

Settings for Azure Blob Storage

In the Azure portal, set the CORS settings as follows


Changing Storage Providers

Custom Storage is intended to be a configuration option set once, and only changed if security credentials need to be rotated. When a file is stored with OpenWater, the system marks it as "Stored with OpenWater" or "Stored with Custom Provider".

In other words, we support only 1 custom storage provider, if you change the storage provider, the previously stored files are not automatically linked to the new provider, nor is the link to the old provider retained. If you change storage providers, it is your responsibility to copy the files in the exact folder structure to the new provider.

Did this answer your question?