We describe the process to set up AWS S3 to connect your data to the Tenyks platform.
🚀 AWS S3 connection is available for the Pro plan.
📣 Please make sure you read the following points before continuing.
We need read-only access to the dataset images. We need to store metadata (e.g., thumbnails, compressed files); we can store it for you. If this is convenient for you, follow the read-only approach (Section 3.1). This is the recommended approach! 💫
(Optional) If you prefer to store metadata on your own cloud, you can:
Create a separate metadata bucket with read/write access (Section 3.2.1), OR
Create a single bucket with separate image and metadata folders on the same bucket, and provide us read/write access to that entire bucket (Section 3.2.2).
Here's the expected folder structure based on the option you choose:
Container name: {your_tenyks_data_bucket}
Within this container, organize your data as follows:
Images Directory:
{your_tenyks_data_bucket}/{your_dataset_name}/{images_directory_name}/image_n.png
Predictions File (in COCO Format):
{your_tenyks_data_bucket}/{your_dataset_name}/predictions.json
Annotations File (in COCO Format):
{your_tenyks_data_bucket}/{your_dataset_name}/annotations.json
Metadata Directory: We will set this up for you!
Container name: {your_tenyks_data_bucket}
Within this container, organize your data as follows:
Images Directory:
{your_tenyks_data_bucket}/{your_dataset_name}/{images_directory_name}/image_n.png
Predictions File (in COCO Format):
{your_tenyks_data_bucket}/{your_dataset_name}/predictions.json
Annotations File (in COCO Format):
{your_tenyks_data_bucket}/{your_dataset_name}/annotations.json
Metadata Directory:
{your_tenyks_data_bucket}/{your_dataset_name}/{metadata_directory_name} (see Sections 3.2.1 and 3.2.2)
We assume you have set up the necessary bucket(s). Please follow the structure described above. In case you need to brush up your AWS skills 👷, here is a fantastic article explaining how to create your first S3 bucket.
Inside the AWS Management Console navigate to IAM.
Under the 'Access management' menu, click on 'Policies'.
A list of all the available policies will be displayed, see Figure 1. Click on 'Create policy'.
In the 'Policy Editor,' select JSON.
Copy and paste the following permission: (i) replace {your_tenyks_data_bucket} with the name of your images bucket, and (ii) replace {images_directory_name} with the name of your folder for images.
JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "tenyksReadOnlyAccess",
"Action": [
"s3:GetObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::{your_tenyks_data_bucket}/{images_directory_name}/*",
"arn:aws:s3:::{your_tenyks_data_bucket}"
]
}
]
}
Define a policy name, and a description (optional).
After creating the policy, you should see a similar screen as shown in Figure 2.
Note that this read/write bucket is only required if you prefer that your metadata stays in your cloud. The recommended approach is to follow the read-onlymethod described in Section 3.1.
Click on "Create policy".
In the 'Policy Editor,' select JSON.
Copy and paste the following permission: (i) replace {your_tenyks_metadata_bucket} with the name of your metadata bucket, and (ii) replace {metadata_directory_name} with the name of your folder for metadata.
JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "tenyksWriteAccess",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::{your_tenyks_metadata_bucket}/{metadata_directory_name}/*",
"arn:aws:s3:::{your_tenyks_metadata_bucket}"
]
}
]
}
Define a policy name, and a description (optional).
Create the policy
✅ You should have two different policies, one for the images bucket and another for the metadata bucket, as shown in Figure 3.
This step assumes that
(i) your metadata will stay in your cloud
(ii) you created one single bucket with separate images and metadata directories
Click on "Create policy".
In the 'Policy Editor,' select JSON.
Copy and paste the following permission: replace {YOUR_BUCKET} with the name of your bucket.
JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "tenyksFullBucketAccess",
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:PutObject",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::{your_tenyks_data_bucket}/*",
"arn:aws:s3:::{your_tenyks_data_bucket}"
]
}
]
}
Define a policy name, and a description (optional).
Create the policy
✅ You should have one policy, as shown in Figure 4.
Go to your metadata bucket.
Navigate to "Permissions".
Scroll down to "Cross-origin resource sharing (CORS)".
Click "Edit" and "Paste" the following COR settings.
JSON
[
{
"AllowedHeaders": [],
"AllowedMethods": [
"GET"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
✅ You should have the CORS settings, as shown in Figure 5.
Inside the AWS Management Console navigate to IAM.
Under the 'Access management' menu, click on 'Users'
A list of all the available users will be shown. Click on 'Create user', and provide a user name.
In 'Set permissions', follow the next steps
select 'Attach policies directly'
use the search box to find the 1 or 2 policies (depending on the number of buckets created) defined in section 2
select the 1 or 2 policies, and click on "Next". See Figure 6 for more details
Click on 'Create user'. A screen similar to Figure 7 should indicate your user was successfully created.
ℹ️ For a refresher on IAM roles, the following AWS docs are a great start on all you need to know about IAM roles.
Inside the AWS Management Console navigate to IAM.
Under the 'Access management' menu, click on 'Users'
Select the recent user created on the previous step.
Under 'Summary, click on 'Create access key'. See Figure 8 fore more details.
In 'Use case', select CLI as shown in Figure 9.
Set description tags (optional).
Click on 'Create access key'.
A screen containing the user's access key and secret access key will be displayed. Download the csv file. See Figure 10.
We successfully created the following:
One bucket for images and another for metadata(optional), OR one single bucket with independent images and metadata folders (optional).
One or two permission policies (depending on the number of buckets created).
One user configured with the two policies.
access key and secret access key for the user (to programatically access the buckets).
To conclude this procedure, kindly provide us with the following information: username, access key and secret access key.