Amazon S3
This guide walks you through connecting Sunshine Cloud Storage to Amazon S3.
What You Need
- An AWS account
- An S3 bucket
- An IAM user with access keys and permission to read/write to the bucket
Step 1: Create an S3 Bucket
In the AWS Console, go to S3 and create a new bucket. Choose a region close to your website server or your primary audience for best performance.
Under Object Ownership, select ACLs enabled with Bucket owner preferred. This allows Sunshine to make full-size gallery images private while keeping thumbnails public.
Leave Block Public Access settings at the defaults for now. If you plan to use CloudFront, you can tighten these later.
For full details on creating S3 buckets, see AWS documentation on creating a bucket.
Step 2: Create an IAM User
Go to IAM in the AWS Console and create a new user for Sunshine. Attach a policy with the following permissions on your bucket:
s3:ListBuckets3:GetObjects3:PutObjects3:PutObjectAcls3:DeleteObjects3:GetBucketLocation
After creating the user, create an Access Key (select "Application running outside AWS" as the use case). Save the Access Key ID and Secret Access Key — you'll need both.
For full details, see AWS documentation on creating IAM users and creating access keys.
Step 3: Connect in Sunshine
- Go to Sunshine Photo Cart > Settings > Cloud Storage.
- Select Amazon S3 as the provider.
- Choose your connection method:
- Database — Enter your Access Key ID and Secret Access Key directly in the settings.
- wp-config.php (recommended) — Add the provided code snippet to your
wp-config.phpfile. - Click Load Buckets to see your available buckets, then select yours.
- Click Test Connection to verify everything works.
wp-config.php Example
define( 'SUNSHINE_CLOUD_STORAGE_SETTINGS', serialize( array(
'provider' => 'aws',
'access-key-id' => 'AKIAIOSFODNN7EXAMPLE',
'secret-access-key' => 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
'bucket' => 'my-bucket-name',
) ) );
Learn how to add this custom code to your WordPress website
Using CloudFront (Optional)
Amazon CloudFront is a CDN that can serve your images from edge locations worldwide for faster loading. It's optional — images work fine served directly from S3.
To use CloudFront:
- Create a CloudFront distribution with your S3 bucket as the origin.
- Once deployed, enter your CloudFront domain (e.g.,
https://d1234567890.cloudfront.net) in the Custom Domain field in Sunshine's Cloud Storage settings.
New images will be served through CloudFront. Existing images continue to work through direct S3 URLs.
CORS Configuration
If images aren't loading in the WordPress admin but work fine on the frontend of your site, your S3 bucket likely needs CORS (Cross-Origin Resource Sharing) headers. This allows the browser to load images from S3 when you're managing galleries in WordPress.
In the AWS Console, go to your S3 bucket > Permissions > Cross-origin resource sharing (CORS) and add:
[
{
"AllowedOrigins": ["*"],
"AllowedMethods": ["GET", "HEAD"],
"AllowedHeaders": ["*"],
"MaxAgeSeconds": 86400
}
]
Learn how to add this custom code to your WordPress website
Using * for origins is safe here since these are publicly accessible images.
Troubleshooting
"AccessControlListNotSupported" warning
Your bucket has Object Ownership set to "Bucket owner enforced," which disables per-object ACLs. Go to your S3 bucket > Permissions > Object Ownership and change it to "ACLs enabled" with "Bucket owner preferred." Then re-run the test connection.
Bucket region not detected
Sunshine auto-detects the bucket region. If this fails, make sure your IAM user has the s3:GetBucketLocation permission.
Access denied errors
Verify your IAM policy includes all the required permissions listed above and that the policy targets the correct bucket ARN (e.g., arn:aws:s3:::my-bucket-name and arn:aws:s3:::my-bucket-name/*).
Still need help?
If you have not yet found your answer in the documentation articles, please contact support