AWS S3 Data Storage

By default, Chronicle Server writes data locally to /var/lib/posit-chronicle/data. Chronicle also optionally supports writing the data to cloud storage in an AWS S3 bucket.

Set up an S3 bucket

In your desired AWS region, create a new S3 bucket to store Chronicle data. Chronicle Server expects this bucket to be empty and not shared with other services.

Configure AWS credentials

To allow Chronicle Server to access the selected S3 bucket, configure the credentials on the server where Chronicle is installed. The following IAM permissions are required for Chronicle to use an S3 bucket storage backend:

  • s3:GetObject
  • s3:ListBucket
  • s3:PutObject
  • s3:DeleteObject
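A common way to get these four permissions wrong is to attach all of them to the object ARN (`bucket/*`) or to fall back to `s3:*` on `*`. The following is an added example, not taken from Posit's documentation: it builds an identity policy limited to one bucket and audits a policy for anything beyond the list above. The bucket name is the one used in the configuration later on this page; the `Sid` values, the function names and the standard `aws` ARN partition are assumptions.

```python
import json

# Required permissions from the list above, split by the ARN type each applies to.
BUCKET_ACTIONS = {"s3:ListBucket"}                                    # bucket ARN
OBJECT_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}  # object ARNs


def build_policy(bucket):
    """Return an identity policy granting only the required actions on one bucket."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ChronicleListBucket", "Effect": "Allow",
             "Action": sorted(BUCKET_ACTIONS), "Resource": arn},
            {"Sid": "ChronicleObjects", "Effect": "Allow",
             "Action": sorted(OBJECT_ACTIONS), "Resource": f"{arn}/*"},
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit(policy, bucket):
    """List grants beyond the required set. Literal matching: wildcards are flagged, not expanded."""
    arn = f"arn:aws:s3:::{bucket}"
    allowed = {arn: BUCKET_ACTIONS, f"{arn}/*": OBJECT_ACTIONS}
    findings, granted = [], set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for res in _as_list(stmt.get("Resource", [])):
            if res not in allowed:
                findings.append(f"out-of-scope resource: {res}")
                continue
            for act in _as_list(stmt.get("Action", [])):
                if act in allowed[res]:
                    granted.add(act)
                else:
                    findings.append(f"unneeded or misplaced action: {act} on {res}")
    for act in sorted((BUCKET_ACTIONS | OBJECT_ACTIONS) - granted):
        findings.append(f"required action not granted by an exactly scoped statement: {act}")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_policy("posit-chronicle"), indent=2))
```

Running the file prints the policy JSON to attach to the instance profile or service-account role; `audit()` returns an empty list for a policy that matches it exactly.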

The recommended authentication method depends on the type of deployment:

Virtual machine-based deployment

When the server is deployed on a virtual machine (VM) or EC2 instance, the recommended authentication method is an instance profile.

Kubernetes-based deployment

When the server is running on Kubernetes, the recommended authentication method is to use IAM roles for service accounts.

Once provisioned, the IAM role can be attached to the Chronicle service account using the following values:

values.yaml
serviceaccount:
  create: true
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789000:role/iam-role-name-here
Important

When storing files created by Posit Chronicle in S3, use the built-in AWS S3 lifecycle rules to manage file retention. See Setting a lifecycle configuration on a bucket for more information.

Enable S3 storage in Chronicle Server configuration

Enable S3 storage by specifying the S3 bucket name and region in the Chronicle configuration file. If operating in Kubernetes, set the associated config section values in the values.yaml file instead.

/etc/posit-chronicle/posit-chronicle.gcfg
[LocalStorage]
Enabled = false

[S3Storage]
Enabled = true
Bucket = posit-chronicle
Region = us-east-2

After making these edits, restart the Chronicle Server via systemd for the changes to take effect:

Terminal
sudo systemctl restart chronicle