AWS S3 configuration

Using V7's external AWS integration, you can keep your data stored within a private Amazon S3 bucket. Check out the diagram here to see how it works, and if you're ready to get started follow our step-by-step instructions to create the integration.

🚧

The AWS integration is available on V7's Business and Enterprise plans. You can find out more about what each plan includes on our pricing page.

Read / Write access

To setup an external s3 account we first need to give our AWS role (arn:aws:iam::258327614892:role/external_s3 ) access:

  • Read via GetObject
  • Write via PutObject (optional)
{
    "Version": "2012-10-17",
    "Id": "PolicyForExternalAccess",
    "Statement": [
    {
      "Sid": "Darwin Access",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::258327614892:role/external_s3"
      },
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::your-s3-bucket-name/*"
    }
  ]
}

If you don't need Darwin to process images after they are uploaded (e.g. generate thumbnails, split video frames etc), then you can leave out the Write access "s3:PutObject"

{
    "Version": "2012-10-17",
    "Id": "PolicyForExternalAccess",
    "Statement": [
    {
      "Sid": "Darwin Access",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::258327614892:role/external_s3"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::your-s3-bucket-name/*"
    }
  ]
}

If you already have a policy for your bucket, then you only need to add the Statement part

CORS access

When annotators are requesting images to annotate, they will load them directly from your s3 bucket via a presigned url. However since that s3 bucket sits on a different domain than darwin.v7labs.com a CORS header needs to be configured.

You can find this under Permissions > CORS Configuration in the AWS S3 UI:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://darwin.v7labs.com"
        ],
        "ExposeHeaders": []
    }
]
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>https://darwin.v7labs.com</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
    </CORSRule>
</CORSConfiguration>

Activation

When this is all setup, please message [email protected] with the following details:

  • S3 region
  • S3 bucket name
  • an optional prefix where we can upload thumbnails if needed (often /darwin/ )
  • your team name
    And we will turn on the external access for your team.

If you encounter any issues or have any questions feel free to contact us at [email protected]