Prepare Your AWS S3 Bucket

1. From the S3 Administration console, choose Create Bucket.
2. Make sure you:
   1. Block public access
   2. Disable Object Locking

3. lakeFS requires permissions to interact with your bucket. Following is a minimal bucket policy. To add it, go to the Permissions tab, and paste it as :

    {
     "Id": "Policy1590051531320",
     "Version": "2012-10-17",
     "Statement": [
       {
         "Sid": "Stmt1590051522178",
         "Action": [
            "s3:GetObject",
            "s3:GetObjectVersion",
            "s3:PutObject",
            "s3:AbortMultipartUpload",
            "s3:ListMultipartUploadParts",
            "s3:GetBucketVersioning",
            "s3:ListBucket",
            "s3:GetBucketLocation",
            "s3:ListBucketMultipartUploads",
            "s3:ListBucketVersions"
         ],
         "Effect": "Allow",
         "Resource": ["arn:aws:s3:::<BUCKET_NAME>", "arn:aws:s3:::<BUCKET_NAME_WITH_PATH_PREFIX>/*"],
         "Principal": {
           "AWS": ["arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE>"]
         }
       }
     ]
    }
   

   Replace <ACCOUNT_ID>, <BUCKET_NAME> and <IAM_ROLE> with values relevant to your environment. IAM_ROLE should be the role assumed by your lakeFS installation.

   Alternatively, if you use an AWS user’s key-pair to authenticate lakeFS to AWS, change the policy’s Principal to be the user:

    "Principal": {
      "AWS": ["arn:aws:iam::<ACCOUNT_ID>:user/<IAM_USER>"]
    }
   

You are now ready to create your first lakeFS repository.