IAM User Example Policy

The following JSON is an example policy configuration:

json
{
"Version": "2012-10-17",
"Statement": [
  {
    "Effect": "Allow",
    "Action": ["s3:ListBucket"],
    "Resource": ["arn:aws:s3:::BUCKET_NAME"]
  },
  {
    "Effect": "Allow",
    "Action": ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::BUCKET_NAME/*"]
  }
]
}

The policy can be used as an inline policy attached directly to the user through the AWS console:

IAM User Example Policy

Figure 5. IAM User Example Policy


You must also tell which bucket to use. These settings must be identical on all nodes across the entire cluster.

ini
S3_STORAGE_BUCKET=$BUCKET_NAME
S3_STORAGE_REGION=$BUCKET_REGION
S3_STORAGE_ENCRYPTION_KEY=$ENCRYPTION_SECRET
S3_STORAGE_OBJECT_KEY_PREFIX=/basefolder
USING_EPHEMERAL_DISKS=true

The first option here is to set the name of the bucket to use. The encryption key given with S3_STORAGE_ENCRYPTION_KEY can be any UTF-8 string. The suggested value is 64 or more random ASCII characters.

The S3_STORAGE_OBJECT_KEY_PREFIX is used to set the optional prefix for all object keys allows multiple LogScale clusters to use the same bucket. The prefix is unset by default.

Note

There is a performance penalty when using a non-empty prefix. We recommend an unset prefix. If there are any ephemeral disks in the cluster, you must set the last option here to true.