S3 Object Storage Setup๏
Parsec is compatible with different object storage solutions, including:
Amazon S3 or any S3-compatible storage such as Outscaleโs OOS (most storage providers offer S3-compatible APIs)
A RAID configuration combining multiple storages
The most common deployment approach is to use an S3-compatible storage.
This guide provides instructions for setting up an S3-compatible bucket for use with Parsec.
Note
Parsec has a very basic use of the object storage: it only reads existing objects and creates new objects.
There is no deletion or listing of objects. Therefore, enabling versioning for the bucket is not strictly
required, but it is highly recommended to prevent data loss from overwriting an existing object (since S3
uses eventual consistency, the s3:PutObject policy always allows overwriting an existing object).
Prerequisites๏
An S3-compatible storage provider account
The AWS CLI
Appropriate permissions to create buckets and manage policies
Create the Bucket๏
Create a new bucket for Parsec data storage:
aws s3api create-bucket \
--bucket <BUCKET_NAME>
Replace <BUCKET_NAME> with your desired bucket name.
Note
The exact command may vary depending on your storage provider. Consult your providerโs documentation for the appropriate command syntax.
For example, with Outscale:
aws s3api create-bucket \
--profile <PROFILE_NAME> \
--endpoint https://oos.eu-west-2.outscale.com \
--bucket <BUCKET_NAME>
Enable Versioning๏
Enable versioning on the bucket to protect against accidental overwrites:
aws s3api put-bucket-versioning \
--bucket <BUCKET_NAME> \
--versioning-configuration Status=Enabled
Limit Access with a Dedicated User๏
For security reasons, create a dedicated IAM user with restricted permissions to only the necessary operations.
The following bucket policy grants only the required permissions for Parsec to function:
aws s3api put-bucket-policy \
--bucket <BUCKET_NAME> \
--policy '{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<ACCOUNT_ID>:root"
},
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::<BUCKET_NAME>/*"
},
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::<ACCOUNT_ID>:root"
},
"Action": [
"s3:ListBucket"
],
"Resource": "arn:aws:s3:::<BUCKET_NAME>"
}
]
}'
Replace the following placeholders:
<BUCKET_NAME>: Your bucket name<ACCOUNT_ID>: The AWS account ID or IAM user that needs access