Sky Pilot allows you to use your own Amazon S3 account, which means you will not incur any additional Storage or Bandwidth costs by Sky Pilot. All files stored are fully in your hands, and the costs associated with S3 are billed to you by Amazon AWS directly.
Note:

This feature is available only on a Custom enterprise plan for $490 USD - reach out to our support team to get this set up.

Once the Custom plan has been enabled for you, the steps to get your own S3 account set up with Sky Pilot are as follows:

Create A Bucket in your S3 Account

Create a bucket in the region you would like to use.

 

In Bucket, Properties click Permissions and click the Edit CORS Configuration button and add the following CORS policy

 

[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT"
],
"AllowedOrigins": [
"https://*.skypilotapp.com", "https://skypilotapp.com"
],
"ExposeHeaders": [
"Origin",
"Content-Type",
"Content-MD5",
"Content-Disposition", "ETag"
],
"MaxAgeSeconds": 3600
}
]

Setting up an access key

We will need an access key to be able to save and access files in your bucket. You can use your root access key but we recommend adding an IAM user with following permissions

 

{
"Statement": [
{
"Action": [
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::YOUR_BUCKET_NAME_HERE"
]
},
{
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectAcl"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::YOUR_BUCKET_NAME_HERE/*"
]
}
]
}

Be sure to replace YOUR_BUCKET_NAME_HERE with the name of the bucket you created.

 

[optional] Setup Cloudfront

To improve delivery across a worldwide audience, and lower the costs of a S3 bucket transfer, you might want to setup a Cloudfront distribution as well.

Please follow next steps to set up Cloudfront:

  • Follow instructions in Amazon's docs to create Cloudfront Key Pair on your AWS account: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html
  • Create a new Cloudfront distribution. In "Origins" set the origin to your desired S3 bucket, and set
    "Origin access" to Legacy access identities, where "New OAI" button is used to create one. Make sure you also select "Yes, update the bucket policy". This will allow your private bucket to be accessed through Cloudfront.
    Under Behaviours, the "Viewer protocol policy" should be set to Redirect HTTP to HTTPS, and "Restrict viewer access" should point to the AWS Key Group which you created in the first point. Additionally "Cache key and origin requests" should be set to "Headers - None", "Query Strings - All" and "Cookies - None". "Response headers policy" should be left with "None". 
  • Follow instructions for securely sending us your data in next step, but additionally include the following secrets: Cloudfront Key Pair ID, Cloudfront Private Key file, and Cloudfront Distribution URL


Send us your info

Once you have done this we will need the following to setup your integration. For your security, please share them in a secure way, like 1Password or similar tools.

 

  • AWS ACCESS KEY = 'ACCESS_KEY'

  • AWS SECRET ACCESS KEY = 'SECRET_ACCESS_KEY'

  • BUCKET NAME = 'YOUR_BUCKET_NAME'

  • BUCKET HOSTNAME = 's3-us-west-2.amazonaws.com' or 's3.amazonaws.com'

  • BUCKET REGION='us-east-1' or 'us-west-2'