ConfigurationS3 Permissions

S3 Permissions

For configuration options, refer to the storage section on the configuration page.

The following authentication methods are supported:

The following IAM policy shows minimal permissions required by Tempo, where the bucket has already been created.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TempoPermissions",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetObjectTagging",
                "s3:PutObjectTagging"
            ],
            "Resource": [
                "arn:aws:s3:::<bucketname>/*",
                "arn:aws:s3:::<bucketname>"
            ]
        }
    ]
}

Lifecycle Policy

A lifecycle policy is recommended that deletes incomplete multipart uploads after one day.