Login to AWS and setup a new S3 bucket.
For the public access settings this is the most secure configuration that will allow uploads from your forms:
Under Permissions → CORS Configuration, add the following:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"GET"
],
"AllowedOrigins": [
"https://*.paperform.co"
],
"ExposeHeaders": [
"ETag"
]
}
]
Additional step for custom domains
If you use custom domains on Paperform then you will need to add additional AllowedOrigins
to give your custom domain permission to upload files to your S3 bucket.
For example, if you had a custom domain forms.mysite.com then your allowed origins should be:
[
"https://*.paperform.co",
"https://forms.mysite.com"
]
Go to IAM in AWS.
Create a new user with "programmatic access".
Under "Set Permissions" select Attach existing policies directly → Create policy.
In the policy creator, select the "JSON" tab and paste the below policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": ["arn:aws:s3:::BUCKETNAME"]
},
{
"Sid": "Stmt1466908203000",
"Effect": "Allow",
"Action": [
"s3:AbortMultipartUpload",
"s3:GetBucketAcl",
"s3:GetBucketCORS",
"s3:GetObject",
"s3:GetObjectAcl",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:PutObjectVersionAcl"
],
"Resource": ["arn:aws:s3:::BUCKETNAME/*"]
}
]
}
Note that you should replace the BUCKETNAME
with the name you choose for your S3 bucket.
Save the policy under any name you like.
Go back to the user setup.
Select the newly created policy (you may need to refresh the listing to search for the policy).
Complete user setup and ensure you download credentials.csv.
Fill out https://byo-s3-setup.paperform.co to give Paperform the relevant information to setup the S3 bucket as the upload location for your forms. Paperform will complete and test the setup and get back to you within 2 business days.