How to Create AWS S3 Object URL with Tildamail

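IMPORTANT: Do NOT use the bucket for any purpose other than storing the public objects, and do NOT share the URL of any object in it: the bucket policy set in the steps below grants read and write access to anyone who knows an object URL.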

By default, your end-to-end encrypted message history is cleared on logout. You have control over your data and can export, import, and save it anywhere. By design, Tildamail’s testnet servers do not store your end-to-end encrypted data; they only deliver it. You own and manage your data as you see fit. Your private data includes the message history, which contains chats and any file attachments shared.
Follow the steps below if you’d like to have your message history stored in and synchronized with a custom AWS S3 bucket:
  1. Create a new AWS account, if you haven’t done so already, following the steps at: https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/
  1. Open the Amazon S3 console at: https://console.aws.amazon.com/s3/
  1. Open the previously created or preferred bucket at: https://console.aws.amazon.com/s3/home/.
  1. Open the "Permissions" tab on the bucket page.
  1. Find the "Block public access (bucket settings)" setting and click "Edit" next to it.
  1. Turn off the "Block all public access" option and click the "Save changes" button at the bottom of the page (DANGEROUS operation: make sure the bucket is empty, confidential, and intended for storing Tildamail data).
  1. Find the "Bucket policy" setting on the "Permissions" tab and click "Edit" next to it.
  1. Paste the text below, replace "BUCKET_NAME" with the name of the current bucket, and click "Save changes":

     {
       "Version": "2012-10-17",
       "Statement": [
         {
           "Sid": "PublicReadGetObject",
           "Effect": "Allow",
           "Principal": "*",
           "Action": [
             "s3:GetObject",
             "s3:PutObject"
           ],
           "Resource": "arn:aws:s3:::BUCKET_NAME/*"
         }
       ]
     }
    
  1. Find the "Cross-origin resource sharing (CORS)" setting on the "Permissions" tab and click "Edit" next to it.
  1. Paste the text below and click "Save changes" at the bottom:

      [
        {
          "AllowedHeaders": [
              "*"
          ],
          "AllowedMethods": [
              "PUT",
              "DELETE",
              "GET"
          ],
          "AllowedOrigins": [
              "https://www.tildamail.com"
          ],
          "ExposeHeaders": []
        }
      ]
    
  1. Open the storage settings (Settings > Storage) in Tildamail at: https://www.tildamail.com/settings/storage/.
  1. Enter the URL of the object following the template: https://S3_BUCKET_NAME.s3.AWS_REGION.amazonaws.com/FILE_NAME.tld, where "S3_BUCKET_NAME" is the name of the properly configured bucket (e.g., some-storage), "AWS_REGION" is the region where the bucket was created (e.g., us-west-1), and "FILE_NAME" is the object name (e.g., tilda-history). The object will be created if it does not exist.

    Example: https://some-storage.s3.us-west-1.amazonaws.com/tilda-history.tld
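
Because the bucket is deliberately public, it is worth checking that the policy and CORS rules saved in the console still grant exactly what the steps above specify and nothing more. The script below is an added example, not Tildamail's or AWS's code: it takes the two JSON documents as copied from the console editors plus the object URL, and reports any action, resource or origin beyond the guide's. The names `audit` and `as_list` and the drifted sample are hypothetical and constructed for illustration.

```python
import json
import re

# From the guide: the only actions and the only CORS origin it asks you to allow.
EXPECTED_ACTIONS = {"s3:getobject", "s3:putobject"}
EXPECTED_ORIGIN = "https://www.tildamail.com"
URL_RE = re.compile(r"^https://([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.s3\."
                    r"([a-z0-9-]+)\.amazonaws\.com/([^/?#]+\.tld)$")

def as_list(value):  # policy JSON allows a bare string where a list is expected
    return value if isinstance(value, list) else [value]

def audit(policy_json, cors_json, object_url):
    """Return findings; an empty list means nothing beyond the guide is granted."""
    match = URL_RE.match(object_url)
    if not match:
        return ["object URL does not match the guide's template"]
    wanted = f"arn:aws:s3:::{match.group(1)}/*"  # objects only, never the bucket
    findings = []
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        # Case-insensitive names; wildcards and a missing Action key show as extras.
        extra = {a.lower() for a in as_list(stmt.get("Action", "<missing>"))} - EXPECTED_ACTIONS
        if extra:
            findings.append(f"{sid}: actions beyond the guide: {sorted(extra)}")
        for res in as_list(stmt.get("Resource", "<missing>")):
            if res != wanted:
                findings.append(f"{sid}: unexpected resource {res}")
    for rule in json.loads(cors_json):
        for origin in as_list(rule.get("AllowedOrigins", [])):
            if origin != EXPECTED_ORIGIN:
                findings.append(f"CORS: unexpected origin {origin}")
    return findings

# Constructed samples: the guide's documents (example bucket), then a drifted pair.
URL = "https://some-storage.s3.us-west-1.amazonaws.com/tilda-history.tld"
GUIDE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::some-storage/*"}]})
GUIDE_CORS = json.dumps([{"AllowedHeaders": ["*"], "AllowedMethods":
    ["PUT", "DELETE", "GET"], "AllowedOrigins": [EXPECTED_ORIGIN], "ExposeHeaders": []}])
DRIFT_POLICY = GUIDE_POLICY.replace('"s3:PutObject"', '"s3:*"').replace("/*", "")
DRIFT_CORS = GUIDE_CORS.replace(EXPECTED_ORIGIN, "*")
if __name__ == "__main__":
    print(audit(GUIDE_POLICY, GUIDE_CORS, URL), *audit(DRIFT_POLICY, DRIFT_CORS, URL), sep="\n")
```

The CORS rule only limits which web pages a browser will let call the bucket; it is the bucket policy that decides who can read and write, so a clean CORS result does not narrow the policy's `"Principal": "*"`.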