Menu
Open source
Amazon S3 permissions
For configuration options, refer to the storage section on the configuration page.
The following authentication methods are supported:
- AWS environment variables
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEY - Static access key and secret credentials specified in
access_keyandsecret_key - MinIO environment variables
MINIO_ACCESS_KEYandMINIO_SECRET_KEY - AWS shared credentials configuration file
- MinIO client credentials configuration file
- AWS IAM (IRSA via WebIdentity,
- AWS EC2 instance role)
- AWS EKS Pod Identity
The following IAM policy shows minimal permissions required by Tempo, where the bucket has already been created.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TempoPermissions",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetObjectTagging",
"s3:PutObjectTagging"
],
"Resource": ["arn:aws:s3:::<bucketname>/*", "arn:aws:s3:::<bucketname>"]
}
]
}Lifecycle policy
A lifecycle policy is recommended that deletes incomplete multipart uploads after one day.
Was this page helpful?
Related resources from Grafana Labs
Video
Getting started with tracing and Grafana Tempo
In this webinar, we'll show you how to get started setting up Grafana Tempo, our open source, easy-to-use and high-volume distributed tracing backend.
Video
Scaling your distributed tracing with Grafana Tempo
In this demo, we’ll show how Grafana Tempo allows you to scale tracing as far as possible with less operational cost and complexity than ever before.