Skip to content
Docs

Connect cloud storage

MK.IO uses your own cloud storage to hold media assets. Before you can upload, transform, or publish content, you need to connect at least one storage account. MK.IO supports Azure Blob Storage and Amazon S3. Google Cloud Storage support is coming soon.


Prerequisites

Section titled “Prerequisites”

You need an AWS account with permissions to create IAM users and manage S3 buckets.

Step 1: Create an S3 bucket

Section titled “Step 1: Create an S3 bucket”

If you do not already have an S3 bucket for MK.IO to use:

  1. Go to the AWS Console and open S3.
  2. Click Create bucket.
  3. Choose a bucket name and select the AWS region closest to your MK.IO project region. MK.IO automatically detects the bucket region — you do not enter a region in MK.IO.
  4. Leave Block Public Access settings enabled (MK.IO accesses the bucket using credentials, not public URLs).
  5. Click Create bucket.

MK.IO detects your bucket’s region automatically from the bucket name. There is no region field to fill in when connecting S3 storage.

Step 2: Create an IAM user with S3 permissions

Section titled “Step 2: Create an IAM user with S3 permissions”

MK.IO accesses your S3 bucket using an IAM access key. Create a dedicated IAM user with the minimum required permissions.

Create the IAM user

Section titled “Create the IAM user”
  1. Open IAM in the AWS Console.
  2. Go to Users and click Create user.
  3. Enter a username (for example, mkio-storage) and click Next.
  4. Select Attach policies directly and click Create policy.
  5. Switch to the JSON editor and paste the following policy, replacing your-bucket-name with your actual bucket name:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ]
    }
  ]
}
  1. Name the policy (for example, mkio-s3-access) and click Create policy.
  2. Return to the user creation tab, refresh the policy list, select your new policy, and complete the user creation.

Create access keys

Section titled “Create access keys”
  1. Open your newly created IAM user.
  2. Go to the Security credentials tab.
  3. Under Access keys, click Create access key.
  4. Choose Application running outside AWS as the use case.
  5. Click Create access key.
  6. Copy the Access key ID and Secret access key and store them securely. AWS does not show the secret access key again after this screen.

Step 3: Add the S3 bucket in MK.IO

Section titled “Step 3: Add the S3 bucket in MK.IO”
  1. Go to app.mk.io and open your project.
  2. Select Storage from the left navigation.
  3. Click Add Storage.
  4. Fill in the required fields:
    • Storage account name: A display name for this connection (for example, my-s3-bucket).
    • Description: Optional.
    • Bucket name: The exact name of your S3 bucket.
    • Access key ID: The access key ID you copied in Step 2.
    • Secret access key: The secret access key you copied in Step 2.
  5. Click Submit.

MK.IO connects to the bucket and the storage account appears in your storage list.

Troubleshooting

Section titled “Troubleshooting”

Error: “Access Denied: Invalid AWS credentials” or “Error getting region for bucket”

This error means MK.IO cannot authenticate with your AWS credentials. There is no region field in MK.IO because the region is detected automatically from the bucket. If you see this error:

  • Verify that the Access key ID and Secret access key are correct and have not been regenerated since you copied them.
  • Confirm that the IAM user or role associated with these credentials has the s3:GetObject, s3:PutObject, s3:DeleteObject, and s3:ListBucket permissions on the bucket.
  • Check that the bucket name you entered in MK.IO is spelled exactly as it appears in AWS, including the case.
  • If the credentials belong to an IAM role rather than a user, confirm that the role’s trust policy allows the credentials to be used from outside AWS.

Error: “Bucket does not exist”

Confirm the bucket name and that the bucket exists in your AWS account. Bucket names are globally unique — if the name exists but belongs to a different AWS account, you receive this error.
© 2025–2026 MediaKind. All rights reserved.