Prepare Your AWS S3 Bucket
- From the S3 Administration console, choose
Create Bucket
. - Make sure you:
- Block public access
- Disable Object Locking
-
lakeFS requires permissions to interact with your bucket. Following is a minimal bucket policy. To add it, go to the
Permissions
tab, and paste it as :{ "Id": "Policy1590051531320", "Version": "2012-10-17", "Statement": [ { "Sid": "Stmt1590051522178", "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts", "s3:GetBucketVersioning", "s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions" ], "Effect": "Allow", "Resource": ["arn:aws:s3:::<BUCKET_NAME>", "arn:aws:s3:::<BUCKET_NAME_WITH_PATH_PREFIX>/*"], "Principal": { "AWS": ["arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE>"] } } ] }
Replace
<ACCOUNT_ID>
,<BUCKET_NAME>
and<IAM_ROLE>
with values relevant to your environment.IAM_ROLE
should be the role assumed by your lakeFS installation.Alternatively, if you use an AWS user’s key-pair to authenticate lakeFS to AWS, change the policy’s Principal to be the user:
"Principal": { "AWS": ["arn:aws:iam::<ACCOUNT_ID>:user/<IAM_USER>"] }
You are now ready to create your first lakeFS repository.