Setup bucket

  1. Login to AWS and setup a new S3 bucket.

  2. For the public access settings this is the most secure configuration that will allow uploads from your forms:

    Public access requirements for S3 bucket

  3. Under Permissions → CORS Configuration, add the following:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "PUT",
            "POST",
            "GET"
        ],
        "AllowedOrigins": [
            "https://*.paperform.co"
        ],
        "ExposeHeaders": [
            "ETag"
        ]
    }
]

Additional step for custom domains

If you use custom domains on Paperform then you will need to add additional AllowedOrigins to give your custom domain permission to upload files to your S3 bucket.

For example, if you had a custom domain forms.mysite.com then your allowed origins should be:

[
  "https://*.paperform.co",
  "https://forms.mysite.com"
]

Setup IAM User with permissions

  1. Go to IAM in AWS.

  2. Create a new user with "programmatic access".

  3. Under "Set Permissions" select Attach existing policies directly → Create policy.

  4. In the policy creator, select the "JSON" tab and paste the below policy.

    {
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Action": ["s3:ListBucket"],
        "Resource": ["arn:aws:s3:::BUCKETNAME"]
        },
        {
        "Sid": "Stmt1466908203000",
        "Effect": "Allow",
        "Action": [
            "s3:AbortMultipartUpload",
            "s3:GetBucketAcl",
            "s3:GetBucketCORS",
            "s3:GetObject",
            "s3:GetObjectAcl",
            "s3:ListBucket",
            "s3:ListBucketMultipartUploads",
            "s3:ListMultipartUploadParts",
            "s3:PutObject",
            "s3:PutObjectAcl",
            "s3:PutObjectVersionAcl"
        ],
        "Resource": ["arn:aws:s3:::BUCKETNAME/*"]
        }
    ]
    }
    

    Note that you should replace the BUCKETNAME with the name you choose for your S3 bucket.

  5. Save the policy under any name you like.

  6. Go back to the user setup.

  7. Select the newly created policy (you may need to refresh the listing to search for the policy).

  8. Complete user setup and ensure you download credentials.csv.

Give credentials to Paperform for setup

Fill out https://byo-s3-setup.paperform.co to give Paperform the relevant information to setup the S3 bucket as the upload location for your forms. Paperform will complete and test the setup and get back to you within 2 business days.