S3 event storage

Configure external S3 storage for event data.

BugSnag On-premise allows you to store event data in an external S3-compatible object storage instead of the default in-cluster storage. This can be useful for managing storage costs and scaling.

Enabling S3 storage

You can enable S3 storage for event data via the BugSnag Admin Console (KOTS).

1. Navigate to the Config page in the Admin Console.
2. Scroll to the Event processing and storage section.
3. Check the box for Store new event data in S3-compatible object storage.
4. Configure the following settings:
   • Event storage S3 endpoint URL: The URL of your S3-compatible object storage endpoint (e.g., s3.us-east-1.amazonaws.com).
   • Event storage S3 bucket: The name of the bucket to use (e.g., bugsnag-event-data).
   • Event storage S3 credentials type: Choose how BugSnag should authenticate.
     • EKS Pod Identity (Recommended): Uses AWS EKS Pod Identity to assume an IAM role.
     • IAM role for service account (IRSA): Uses IAM Roles for Service Accounts.
     • Static credentials: Requires providing an Access Key ID and Secret Access Key.
5. Deploy the new configuration.

Important notes

• Data Migration: Enabling this option does not transfer existing event data to S3. Existing data will remain in the cluster and eventually expire based on your retention settings.
• Activation Time: The switch to S3 for new event data is not immediate. It will occur at the next UTC midnight at least 6 hours after the configuration change. For example, a change made at 10:00 UTC Monday takes effect at 00:00 UTC Tuesday; a change at 20:00 UTC Monday takes effect at 00:00 UTC Wednesday.
• Disabling: If you disable this option, you must maintain access to the S3 bucket for the length of your retention period plus 1 week to ensuring existing data can still be read.

AWS Resources

If you are deploying on AWS EKS, you need to ensure the necessary resources (S3 bucket and IAM roles) exist and are configured correctly.

CloudFormation

If you are using our provided CloudFormation template to install BugSnag, you can simply provide a value for the EventStorageS3BucketName parameter. The template will automatically:

1. Create the S3 bucket.
2. Create the necessary IAM role with the correct permissions and trust policy.
3. Associate the IAM role with the event-storage-service service account using EKS Pod Identity.

Manual configuration

If you are not using the CloudFormation template or wish to configure resources manually, you must set up the S3 bucket and IAM role as follows.

1. S3 Bucket

Create a standard S3 bucket. The name must match the value you provide in the Event storage S3 bucket configuration.

2. IAM Role

Create an IAM role that will be assumed by the BugSnag service.

Trust Policy:

This policy allows the EKS Pod Identity service to assume the role.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "pods.eks.amazonaws.com"
      },
      "Action": [
        "sts:AssumeRole",
        "sts:TagSession"
      ]
    }
  ]
}

Permissions Policy:

Attach a policy to the role that grants access to your S3 bucket. Replace YOUR_BUCKET_NAME with your actual bucket name.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR_BUCKET_NAME",
        "arn:aws:s3:::YOUR_BUCKET_NAME/*"
      ]
    }
  ]
}

3. Service Account Association

You must associate the created IAM role with the event-storage-service Kubernetes service account in the namespace where BugSnag is installed (default: bugsnag).

You can do this using the AWS CLI:

aws eks create-pod-identity-association \
  --cluster-name <YOUR_CLUSTER_NAME> \
  --namespace bugsnag \
  --service-account event-storage-service \
  --role-arn <YOUR_IAM_ROLE_ARN>

Replace <YOUR_CLUSTER_NAME> and <YOUR_IAM_ROLE_ARN> with your values.