S3
S3-compatible object storage store using s3mini (~20 KB, zero dependencies). Works with AWS S3, Cloudflare R2, Scaleway, DigitalOcean Spaces, Backblaze B2, MinIO, and any S3-compatible provider.
Installation
- Integrated
- Bundled
Add to your flow.json:
Configuration
This store uses the standard store config wrapper (consent, data, env, id, ...). For the shared fields see store configuration. Package-specific fields live under config.settings and are listed below.
Settings
| Property | Type | Description | More |
|---|---|---|---|
bucket | string | S3 bucket name | |
endpoint | string | S3-compatible endpoint URL | |
accessKeyId | string | S3 access key ID | |
secretAccessKey | string | S3 secret access key | |
region | string | AWS region for SigV4 signing | |
prefix | string | Key prefix prepended to all store keys for scoping |
Mapping
This package does not define custom rule-level settings. For the standard rule fields (consent, condition, data, batch, name, policy) see mapping.
Examples
Prefix scoping
Key "walker.js" with prefix "public/" resolves to S3 path "public/walker.js"
Read from S3
Read object from S3 and receive its contents as a Buffer
Provider examples
| Provider | Endpoint | Notes |
|---|---|---|
| AWS S3 | https://s3.<region>.amazonaws.com | Set region to your actual region |
| Cloudflare R2 | https://<account>.r2.cloudflarestorage.com | No egress fees |
| Scaleway | https://s3.<region>.scw.cloud | EU hosting |
| DigitalOcean | https://<region>.digitaloceanspaces.com | Simple pricing |
| Backblaze B2 | https://s3.<region>.backblazeb2.com | Cheapest storage |
| MinIO | http://localhost:9000 | Self-hosted |
Credentials
Use $env. references in your flow config to avoid hardcoding secrets:
Unlike the AWS SDK, s3mini has no implicit credential chain: accessKeyId and secretAccessKey are always required.
File serving pattern
The primary use case is serving static files via the file transformer. This is the recommended pattern for managed deployments (Mode D) where files live in a bucket rather than needing to be baked into a Docker image:
A request to /static/walker.js looks up public/walker.js in the my-assets bucket.
Provisioning
The package ships an idempotent setup() lifecycle, invoked only by the explicit operator command:
It never runs automatically. It checks whether the bucket exists and creates it if not. Re-running setup is a no-op when the bucket already exists in your account.
Setup options
| Option | Type | Default | Notes |
|---|---|---|---|
region | string | eu-central-1 | Region the bucket is created in (LocationConstraint). Falls back to settings.region when concrete (not auto). |
bucket is taken from settings.bucket and is NOT duplicated under setup.
Enable provisioning
Set setup: true in the component config to enable provisioning with defaults, or pass an object to override:
What setup does NOT apply
s3mini is a minimal S3 client that exposes createBucket and bucketExists only. It does NOT expose PutBucketEncryption, PutPublicAccessBlock, PutBucketVersioning, PutBucketLifecycleConfiguration, or PutBucketTagging. Configure those once via the AWS Console or aws s3api.
Behavior
- Idempotent create:
BucketAlreadyOwnedByYou(concurrent caller, your account) is treated as success and returns{ bucketCreated: false }.BucketAlreadyExists(different AWS account owns the global name) fails loud with an actionable message so you pick a different name. - Region resolution: explicit
setup.regionwins; otherwisesettings.regionis used when concrete (notauto); otherwise the EU defaulteu-central-1.
Runtime hard-fail
storeS3Init probes bucketExists() once when the collector wires the store. On a missing bucket it throws with an actionable message:
Run walkeros setup store.<id> once to provision the bucket, then redeploy.
Security
- Key validation: Path traversal attempts (
.., absolute paths) are rejected - Prefix scoping: The
prefixsetting restricts all operations to a subdirectory - No credential chain: Credentials must be explicitly provided (no ambient AWS credentials)
API
get() returns Buffer for compatibility with the file transformer, which uses content instanceof Buffer for Content-Length calculation.