S3 Permissions
For configuration options, refer to the storage section on the configuration page.
The following authentication methods are supported:
- AWS environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
- Static access key and secret credentials specified in
access_key
andsecret_key
- MinIO environment variables MINIO_ACCESS_KEY and MINIO_SECRET_KEY
- AWS shared credentials configuration file
- MinIO client credentials configuration file
- AWS IAM (IRSA via WebIdentity,
- AWS EC2 instance role)
The following IAM policy shows minimal permissions required by Tempo, where the bucket has already been created.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "TempoPermissions",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject",
"s3:GetObjectTagging",
"s3:PutObjectTagging"
],
"Resource": [
"arn:aws:s3:::<bucketname>/*",
"arn:aws:s3:::<bucketname>"
]
}
]
}
Lifecycle Policy
A lifecycle policy is recommended that deletes incomplete multipart uploads after one day.
Related Tempo resources
GrafanaCONline 2021
Be the first to learn about exciting next-generation features in Grafana 8.0, be inspired by what community members are building, and attend expert-led sessions and workshops on Grafana, Prometheus, Loki logs, and more.
Getting started with tracing and Grafana Tempo
In this session, we will use an instrumented application to demonstrate how to use logs and Prometheus exemplars to find traces effectively in Tempo. The demo will hit on the basics of operating Tempo and reveal how Tempo allows us to scale tracing as far as possible with less operational cost and complexity than ever before.
Tracing made simple with Grafana
Dive into the new options for viewing tracing data inside Grafana and learn how to make tracing an integral part of your observability strategy.