As an alternative to IAM delegated access, you can use signed URLs (also known as presigned URLs or shared access signatures) to add datasets to Labelbox.
Signed URLs permit access to resources without requiring updates to policies or other configuration settings.
A signed URL include a hash value that authenticates access requests. In general, signed URLs are valid for limited periods of time. Access to the resource is denied without the hash value; acces is also denied once the hash value expires.
Some cloud providers let you limit signed URLs to specific IP addresses or address blocks.
The hash value is generated by server hosting the file. Each provider provide multiple ways to generate signed URLs.
Here's an example of a signed URL:
Here, the value of the
hash parameter is a access token originally generated by the server hosting the file.
The steps for generating signed hashes vary by the cloud provider. To learn more, see one of the following:
- Amazon Web Services (AWS) Simple Storage Service (S3):
- Google Cloud Storage:
- Signed URLs (Google Cloud docs)
- Microsoft Azure Storage:
If you're using a different cloud provider or storage service, consult the relevant docs for help generating signed URLs.
- To learn more about IAM delegated access, see Cloud storage integrations.
- To allow Labelbox to access your data rows, add the server addresses to your allow list.
- For help setting up cross origin resource sharing (CORS), see Configure CORS.
- See Webhooks to learn how to set up and manage an endpoint for Labelbox.
Updated 28 days ago