Skip to content

Configure authorization for an S3 bucket

After a bucket is added to Infinstor service using the steps in Managing S3 Buckets, the next step is to configure authorization for the S3 bucket.

Note that

  • Only the administrator for the service has permissions to configure authorization for S3 buckets.
  • usePresignedUrlForMLflow flag must be enabled in the Infinstor service to use this feature. This is specified during the installation of the service and is enabled by default.
  • A user must have editor permission on a bucket, including the default mlflow artifacts bucket, to create an experiment with the artifact location on that bucket.
  • During installation of the Infinstor service, a default mlflow artifacts bucket is automatically created. But to use this default bucket for experiments and models, bucket authorization must be configured as described below.
  • By default the cloud type is assumed to be aws.

REST API

The following REST API supports

Add an user or group to allow access to a bucket

Access to a bucket can be granted to an user or group using the following API:

  • URL: https://<api_dns_name>.<infinstor_service_name>/add-bucket-auth
  • For example, https://api.infinstor.yourcompany.com.
  • Method: POST
  • Data
  • principal: required.
    • username if type below is user else group name if type below is group.
  • type: required. must be user, or group
  • bucketname: required. bucket name
  • role: required. editor or reader
  • cloud: optional. aws or azure or minio or other
curl "https://api.infinstor.yourcompany.com/add-bucket-auth" \
  -H "authorization: <replace_with_your_access_key>" \
  -H "content-type: application/json" \
  --data-raw "principal=<replace_with_user_or_group_name>&type=user&bucketname=new-buc-for-13-with-role&role=editor&cloud=aws" \
  --compressed

Remove an user or group to disallow access to a bucket

Access to a bucket can be disallowed for an user or group using the following API:

  • URL: https://<api_dns_name>.<infinstor_service_name>/remove-bucket-auth
  • For example, https://api.infinstor.yourcompany.com.
  • Method: POST
  • Data
  • principal: required.
    • username if type below is user else group name if type below is group.
  • type: required. must be user, or group
  • bucketname: required. bucket name
  • cloud: optional. aws or azure or minio or other