Setup bucket

Login to AWS and setup a new S3 bucket.

For the public access settings this is the most secure configuration that will allow uploads from your forms:

public access requirements s3

Under Permissions > CORS Configuration, add the following:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET"
        ],
        "AllowedOrigins": [
            "https://*.paperform.co"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    }
]

Additional step for custom domains:

If you use custom domains on Paperform then you will need to add additional 'AllowedOrigins' to give your custom domain permission to upload files to your S3 Bucket. Eg if you had a custom domain 'forms.mysite.com' then your allowed origins should be:

[
  "https://*.paperform.co",
  "https://forms.mysite.com"
]

Setup IAM User with permissions

Go to IAM in AWS and create a new user with “programmatic access”. Under permissions, select “Attach existing policies directly” > “Create Policy”. In the policy creator select the JSON tab and paste the following policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::BUCKETNAME"]
    },
    {
      "Sid": "Stmt1466908203000",
      "Effect": "Allow",
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:GetBucketAcl",
        "s3:GetBucketCORS",
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:PutObjectVersionAcl"
      ],
      "Resource": ["arn:aws:s3:::BUCKETNAME/*"]
    }
  ]
}

Note that you should replace the BUCKETNAME with whatever the name is of the S3 Bucket. Save the policy under whatever name you like then go back to the user setup and select the newly created policy (you may need to click the refresh icon to be able to search for it).

Complete the user setup and take care to download the credentials.csv.

Give credentials to Paperform for setup

Fill out https://byo-s3-setup.paperform.co/ to give Paperform the relevant information to setup the S3 bucket as the upload location for your forms. Paperform will complete and test the setup and get back to you within 48 hours.