AWS S3
S3 = Simple Storage Service
Buckets
| bucket | users | description |
|---|---|---|
| jodapp-dev | engineers | dev bucket to upload from localhost for devs to use their own IAM permissions to upload files |
| jodapp-qa | jodapp.qa.api | qa bucket |
| jodapp | jodapp.prod.api | production bucket |
Bucket Structure
As of 17 July 2025, we are creating the new buckets.
This is the high level structure of the buckets.
{bucket-name}/
public/
website/
cms/
careers/
org/
gig/
{future-domain-name}/
| path | description |
|---|---|
| public/* | anything that anyone on the internet can access. This can be website landing page pictures toOrg::Company logos, etc |
| public/web/ | static assets related to jodapp's website that don't change frequently (e.g. jod company logo). |
| public/cms/ | static assets related to jodapp's website which are updated by marketing |
| public/org/companies/:org-company-uuid/* | Public assets like the company logos, pictures of their office, etc. |
| public/org/companies/:org-company-uuid/ads_creatives | Images used for Ads |
| careers/* | files related to the careers domain |
| careers/user-profiles/:identities-user-uuid/cv-YYYY-MM-DD-HH-MM-SS.pdf | files related to the careers user profile like their resumes and cv. |
| careers/user-profiles/:identities-user-uuid/certificate-YYYY-MM-DD-HH-MM-SS.pdf | to upload their certificates (e.g. food safety hygiene certificate for proof) |
| careers/user-profiles/:identities-user-uuid/education-YYYY-MM-DD-HH-MM-SS.pdf | In the event we need users to upload proof of their Careers::UserEducation (e.g. bachelors cert) |
| org/* | files related to the org domain |
| org/companies/:org-company-uuid/* | Private files related to Org::Company, like their business registration certificates |
| org/companies/:org-company-uuid/invoices/* | In the future, have invoices from Jod to the companies using our service |
| gig/ | files related to the gig domain |
| gig/* | files related to the gig domain |
| {future-domain-name} | files related to the {future-domain-name} |
Local Setup
If you have not received your S3 credentials and require to test upload on your local machine, ask ali@jodapp.com
You require 3 environment variables set in your local (not Rails credentials)
When Rails loads for the first time (i.e. you run rails server), it will execute:
# config/initializers/aws.rb
Aws.config.update(
region: Rails.application.credentials.dig(:aws, :region) || ENV['AWS_REGION']
)
S3_BUCKET = Rails.application.credentials.dig(:aws, :bucket) || ENV['S3_BUCKET']
CLOUDFRONT_DOMAIN = Rails.application.credentials.dig(:aws, :cloudfront_domain) || ENV['CLOUDFRONT_DOMAIN']
# Note: no credentials: we rely on ENV or ~/.aws/credentials or instance role.
Since we will not be adding the credentials into development.yml.enc
Rails.application.credentials.dig(..)returns null.
Then your ENV['AWS_REGION'] will load the value from your local environment.
What goes into /app/credentials/development.yml.enc?
# config/credentials/development.yml
aws:
region: "ap-southeast-1"
bucket: "jodapp-dev"
cloudfront_domain: "d36lsr8dgw3b0p.cloudfront.net"
Adding AWS credentials to your local
- Run in your terminal:
You will need to install aws cli tool on your local to run this command.
Check if you have it installed with which aws
$ aws configure --profile <your-name>-jodapp-dev
AWS Access Key ID [None]: AKIA...
AWS Secret Access Key [None]: 1ab2c...
Default region name [None]: ap-southeast-1
Default output format [None]: json
- Check the files created by
aws configure
$ cat ~/.aws/config
[default]
region = ap-southeast-1
output = json
[profile {your-name}-jodapp-dev]
region = ap-southeast-1
output = json
$ cat ~/.aws/credentials
[default]
aws_access_key_id = AKIA..
aws_secret_access_key = 1ab2c..
[ali-jodapp-dev]
aws_access_key_id = AKIA...
aws_secret_access_key = 1ab2c...
- Set your local shell environment
Paste this into ~/.zshrc or ~/.bashrc.
Change your-name in AWS_PROFILE to the one that was provided to you.
export AWS_PROFILE=your-name-jodapp-dev
export AWS_REGION=ap-southeast-1
export S3_BUCKET=jodapp-dev
export CLOUDFRONT_DOMAIN=d36lsr8dgw3b0p.cloudfront.net
- Kill your current terminal and open up a new one, or source your shell's run command file with
source ~/.zshrcorsource ~/.bashrc.
bashrc or zshrc are your shells startup script.
bash and zsh are your shells.
rc means "run command"
AWS Ruby SDK
AWS SDK by default will look for credentials in the following order:
- Environment Variables: These are defined in your terminal config file (i.e
~/.bashrcor~/.zshrc) - Shared Credentials File:
~/.aws/credentialsadded byaws configure --profile profile-name - IAM Role / EC2 Instance Profile: We will not be using this in our local setup
Access
Dev Environment
Every team member will use their own IAM account.
Each IAM account in AWS will have a limited S3 policy attached to them which allows:
- ListBucket
- PutObject
- GetObject
QA Environment
IAM account for jodapp.qa.api with same S3 policy attached to it.