Important: This documentation is about an older version. It's relevant only to the release noted, many of the features and functions have been updated or replaced. Please view the current version.
Amazon S3 permissions
For configuration options, refer to the storage section on the configuration page.
The following authentication methods are supported:
- AWS environment variables
AWS_ACCESS_KEY_ID
andAWS_SECRET_ACCESS_KEY
- Static access key and secret credentials specified in
access_key
andsecret_key
- MinIO environment variables
MINIO_ACCESS_KEY
andMINIO_SECRET_KEY
- AWS shared credentials configuration file
- MinIO client credentials configuration file
- AWS IAM (IRSA via WebIdentity,
- AWS EC2 instance role)
The following IAM policy shows minimal permissions required by Tempo, where the bucket has already been created.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TempoPermissions",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetObjectTagging",
"s3:PutObjectTagging"
],
"Resource": [
"arn:aws:s3:::<bucketname>/*",
"arn:aws:s3:::<bucketname>"
]
}
]
}
Lifecycle policy
A lifecycle policy is recommended that deletes incomplete multipart uploads after one day.