Configure DAM to Use Amazon S3 - Precisely_EnterWorks - EnterWorks - 11.0

EnterWorks Guide

Product type
Software
Portfolio
Verify
Product family
EnterWorks
Product
Precisely EnterWorks
Precisely EnterWorks > EnterWorks
Version
11.0
Language
English
Product name
Precisely EnterWorks
Title
EnterWorks Guide
Copyright
2024
First publish date
2007
Last updated
2025-01-07
Published on
2025-01-07T07:44:20.997000

The following variables are used in this documentation to describe the configuration parameters for AWS S3. Replace them with your values.

  • <AWSAccessKeyID>: the AWS Access Key ID.

  • <AWSSecretKey>: the AWS Secret Access Key.

  • <AWSBucketName>: the name of the bucket in which DAM is to be stored.

  • <AWSDamrootFolder>: the name of the folder in the designated bucket, for example: "DAMRoot".

  • <AWSS3Mode>:

    • env: (Default setting.) Uses flags for credentials. Use this setting if you are using secret and access keys.
    • iam: Uses IAM Role.
  • <AWSRegion>: the region name for the S3 storage.

  • <AWSS3PublicRead>: Sets the ability for the public to read files uploaded to AWS S3.

    • true: (Default value.) The bucket is public.
    • false: The bucket is private.
  • <RoleBasedAuth>:

    • true: if you are using role-based security.
    • false: if you are not using role-based security.

In this procedure you will be editing settings in configuration files and scripts. Several of the files have one or more settings whose name includes "AWSAccessKey". In some of those files you will be directed to set this setting to <AWSSecretKey> and in some you will be directed to set it to <AWSAccessKeyID>. This is intentional. Set the values of those settings as directed.

To configure EnterWorks to use Amazon S3:

  1. Stop EnterWorks services on all servers.
  2. On any server that has the following folders, use the BackupForDeployment.bat script, which will back up the folders:
    • <drive>:\Enterworks\EnableServer
    • <drive>:\Enterworks\enable2020
    • <drive>:\Enterworks\Utilities
  3. Open the DamConfig repository and set:
    DamAssetURL
    to:
    http://s3.amazonaws.com/<AWSBucketName>/<AWSDamrootFolder>
  4. Open the DamVariant repository and set:
    OutputPath
    to:
    
                <AWSDamrootFolder>/<VariantName>
  5. On the all servers where Tomcat or WildflyWorkers exist, configure the DAMReportUtility utility:
    1. Open for editing:
      <drive>:\Enterworks\Utilities\DAMReportUtility\DAMReportUtility-config.json
    2. Find the settings for non-local DAM storage:
      "awsBucketName": "@AWS_Bucket_Folder@",
      "awsDAMRootFolder": "@AWS_DAM Root_Folder@",
      "awsAccessKeyId": "@AWS_Access_Key_Id@",
      "awsAccessKey": "@AWS_Access_Key@",
      "awsRegion": "@AWS_Region@",
      "awsMode": "@AWS_IAM@",
      "azBlobStorageAccount": "@AZURE_BLOB_ACCOUNT_NAME@",
      "azBlobURL": "@OPTIONAL, FORMAT=https://<azBlobStorageAccount>.blob.core.windows.net/<azBlobContainerName>@",
      "azBlobAccessKey": "@AZURE_BLOB_ACCESS_KEY@",
      "azBlobContainerName": "AZURE_BLOB_CONTAINER_NAME",
      "azBlobDAMRootFolder": "@DAMROOT-FOLDER@"
    3. Delete all non-local storage settings that begin with azBlob.
    4. Uncomment out or add the following keys and specify their values:
      "awsBucketName": "<AWSBucketName>",
      "awsDAMRootFolder": "<AWSDamrootFolder>",
      "awsAccessKeyId": "<AWSAccessKeyID>",
      "awsAccessKey": "<AWSAccessKey>",
      "awsRegion": "<AWSRegion>"
      "awsMode": "<AWSS3Mode>",
    5. If "encryptedMode": "true" the DAMReport Utility is encrypted.
      1. Use EnterWorks encryption to encrypt <AWSAccessKeyID>.
      2. Use EnterWorks encryption to encrypt <AWSAccessKey>.
      3. Set:
        "awsAccessKeyId": "<encrypted-AWSAccessKeyID>",
        "awsAccessKey": "<encrypted-AWSAccessKey>",
    6. Else, "encryptedMode": "false". The utility is not encrypted. Set:
      "awsAccessKeyId": "<AWSAccessKeyID>",
      "awsAccessKey": "<AWSAccessKey>",
    7. Save and exit the file.
  6. Update the shared configuration properties:
    1. Find the non-local DAM storage settings:
      ####################################################################### 
      # Amazon S3 web service support
      #######################################################################
      #amazon.s3.AWSBucketName= 
      #amazon.s3.AWSDAMRootFolder=
      #amazon.s3.isRoleBasedAuth= 
      #If S3 role based authentication is false add these additional keys: 
      #amazon.s3.AWSAccessKey= 
      #amazon.s3.AWSSecretKey=
      #amazon.s3.AWSRegion=
      ####################################################################### 
      # Azure Blob Storage support
      #######################################################################
      #Azure.Blob.AzBlobStorageAccount= 
      #Azure.Blob.AzBlobAccessKey=
      #Azure.Blob.AzBlobContainerName= 
      #Azure.Blob.AzBlobDAMRootFolder=
      #Azure.Blob.UseHttps=
    2. EnterWorks can only be configured for one type of non-local storage at a time. If the settings for Azure.Blob are not commented out, comment them out.
    3. Set the values:
      amazon.s3.AWSBucketName=<AWSBucketName>
      amazon.s3.AWSDamrootFolder=<AWSDamrootFolder>
      amazon.s3.isRoleBasedAuth=<RoleBasedAuth>
      amazon.s3.AWSRegion=<AWSRegion>
    4. If amazon.s3.isRoleBasedAuth is false, add the following additional keys.
      amazon.s3.AWSAccessKey=<AWSAccessKeyID>
      amazon.s3.AWSSecretKey=<AWSSecretKey>
    5. Set dam.use.asset:
      • If dam.use.asset.url=true, if S3 is configured for public access, EnterWorks will use the public URL to retrieve an asset.

      • If dam.use.asset.url=false, EnterWorks will use credentials (access key and secret key) or a secured session through role-based authentication configured by your enterprise.

  7. Set Amazon S3 configuration parameters for enable-dam-manager-service:
    1. Open enable-dam-manager-service's create-service script for editing:
      <install-drive>:\Enterworks\enable2020\services\install\create-enable-dam-manager-service.<ext>
    2. Find the non-local DAM settings:
      rem -azBlobStorageAccount= ^
      rem -azBlobAccessKey= ^
      rem -azBlobContainerName= ^
      rem -azBlobDAMRootFolder= ^
      
      rem -awsBucketName=  ^
      rem -awsDAMRootFolder=  ^
      rem -awsAccessKeyId=  ^
      rem -awsAccessKey=  ^
      rem -awsRegion=  ^
      rem -awsMode=  ^
      rem -awsS3PublicRead= ^
    3. DAM can only be configured for one non-local storage at a time. Comment out the settings beginning with azBlob.
    4. If the following flags don't exist, add them.
      -awsBucketName=<AWSBucketName>  ^
      -awsDAMRootFolder=<AWSDamrootFolder>  ^
      -awsAccessKeyId=<AWSAccessKeyID> ^
      -awsAccessKey=<AWSSecretKey>  ^
      -awsRegion=<AWSRegion>  ^
      -awsMode=<AWSS3Mode>  ^
      -awsS3PublicRead=<AWSS3PublicRead> ^
    5. If "encryptedMode": "true", enable-dam-manager-service is encrypted.
      1. Use EnterWorks encryption to encrypt <encrypted-AWSAccessKeyID>.
      2. Use EnterWorks encryption to encrypt <encrypted-AWSAccessKey.
      3. Set:
        -awsAccessKeyId=<encrypted-AWSAccessKeyID> ^
        -awsAccessKey=<encrypted-AWSSecretKey>
    6. Else, "encryptedMode": "false". enable-dam-manager-service is not encrypted.

      Set:

      -awsAccessKeyId=<AWSAccessKeyID> ^
      -awsAccessKey=<AWSSecretKey>
    7. Save and exit the file.
    8. Use the create-enable-dam-manager-service.cmd script.
  8. In order for your changes to take effect, you need to restart EnterWorks services.
  9. Perform DAM Operational Verification.