How to: AWS S3 Integration with Labelbox

Hello Labelbox Community ,

Labelbox simplifies the process of connecting to your Amazon S3 bucket through IAM delegated access, ensuring a smooth and straightforward setup. Let’s get started together!

Step 1: Open new integration in Labelbox

1. Sign in to Labelbox.
2. Navigate to Workspace settings and then select the Integrations tab.
3. Select the Amazon Web Services button to create a new integration.
4. Keep this tab open as we’ll return to it later.

awslb2224×548 45.7 KB

aws2366×654 39.5 KB

Step 2: Establish Your Bucket in Amazon AWS

1. Sign up for an AWS account if you haven’t already by visiting https://aws.amazon.com/ and clicking on “Create an AWS Account”.
2. Navigate to your S3 Management Console once your account is set up.
3. Now, it’s time to create your bucket. Think of it as your personal storage space in the cloud. Click on “Create bucket”, give it a unique name, and choose a region.
4. Upload your files to your newly created bucket by clicking on “Upload” and selecting the files you wish to store.

Example Amazon S3 Bucket name: labelbox-jannybucket

image1836×718 51.3 KB

Step 3: Configure CORS (Cross-origin Resource Sharing)

1. Navigate to the bucket you just created and select the Permissions tab. Scroll down to Cross-origin resource sharing (CORS) and click Edit.
2. Paste the following configurations into the text field.

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://app.labelbox.com",
            "https://editor.labelbox.com"
        ],
        "ExposeHeaders": []
    }
]

3. Click Save changes.

For more details on configuring CORS, please refer to our documentation: Configure Cors

Step 4: Define Permissions with a Policy

1. Navigate to your Identity and Access Management (IAM) dashboard. Under Access Management, go to the Policies section.
2. Select Create policy and input your policy in the JSON tab. Ensure you replace CustomerBucketARN with the ARN of the bucket you created earlier.

Example: labelbox-jannybucket

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::CustomerBucketARN/*",
                "arn:aws:s3:::CustomerBucketARN"
            ]
        }
    ]
}

3. Next: Review and create. Give your policy a unique name and finish by selecting Create policy.

For example: labelbox-jannybucketpolicy

Step 5: Create a role for Labelbox in AWS

1. Navigate to your Identity and Access Management (IAM) dashboard. Under Access Management, go to the Roles section.
2. Inside the Roles page, follow these steps:
   a. Click Create role.
   b. Choose AWS account and then select Another AWS account.
   c. Enter the Labelbox Account ID from step 1.
   d. Enable Require external ID and enter the Labelbox External ID from step 1.
   e. Do not check the box for Require MFA.
3. Select the policy you created in Step 4 (e.g., labelbox-jannybucketpolicy).
4. When you’re done reviewing, select Create role.
5. Review and create the role, then copy the Role ARN from the Summary.

awsrole2242×592 46.8 KB

Step 6: Finalize Integration in Labelbox

1. Return to the Integrations tab in Labelbox and enter the AWS Role ARN in the designated field. Also, name the integration .
   Note: The name must match your AWS S3 bucket name.

awslabelbox2398×452 33 KB

Step 7: Validate the integration

1. Ensure the validation is correctly set up. Congratulations, you’re all set!

That’s it! You’ve successfully created a AWS S3 integration with Labelbox!

Feel free to share your experiences, ask questions, or share tips in the comments below.

Additional Resources:
Amazon S3
Configure CORS