Archil supports S3-compatible storage from multiple providers. All S3-compatible providers use similar configuration patterns but may have different authentication methods and endpoints.

Amazon S3

Amazon S3 supports authorization through either configuring the bucket IAM Resource Policy or by using static AWS credentials from an IAM user which can access the bucket. Configuration instructions
  • Login to your AWS S3 console
  • Browse to your specified bucket
  • Update the bucket permissions policy to allow Archil access to the bucket. The console will provide the exact policy to add. It will look something like this:
{
    "Version": "2012-10-17", 
    "Statement": [
        {
            "Sid": "AllowArchilAccess",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::123456789:role/archil-s3.prod.us-east-1"
            },
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::YOUR-BUCKET-NAME",
                "arn:aws:s3:::YOUR-BUCKET-NAME/*"
            ]
        }
    ]
}

Google Cloud Storage

Google Cloud Storage supports authorization through static AWS-compatible HMAC credentials. Configuration instructions
  • Login to your Google Cloud Storage console
  • Click Settings
  • Click Interoperability
  • Under Service account HMAC, click Create a key for another service account
  • Grant the Cloud Storage - Storage Object Admin role to the new service account
  • Record the Access key and Secret provided for the new service account HMAC key

Cloudflare R2

Cloudflare R2 supports authorization through the provided, static AWS credentials. Configuration instructions
  • Login to the Cloudflare console
  • Browse to R2
  • Click Manage R2 API Tokens
  • Create a new token with Object Read & Write permissions
  • Retrieve an Access Key ID, Secret Access Key, and the default endpoint.

Generic S3 Compatible Storage

Many other providers and clouds provide storage that is API-compatible with S3. Archil supports using these services as data sources, if you provide the API endpoint and static AWS credentials required to access the data. Configuration instructions To configure a generic S3-compatible storage provider:
  1. Obtain the S3-compatible API endpoint from your storage provider
  2. Create or obtain AWS-compatible access credentials (Access Key ID and Secret Access Key)
  3. Ensure the credentials have the necessary permissions to read, write, list, and delete objects in your bucket
  4. When creating your Archil disk, select “Generic S3 Compatible” as the data source type
  5. Provide the endpoint URL and credentials when prompted

Common Providers

This configuration works with many S3-compatible storage services, including: