Labelbox documentation

Configure integration in AWS

Follow these steps to set up the IAM Delegated Access integration in your AWS account and the Labelbox UI.

  1. In your Labelbox account, go to the Integrations tab and click Add Integration. Copy the Labelbox account ID and external ID (you'll need this for step 3).

  2. At the top of your AWS console, use the Find Services search bar to search for IAM. Then, select Roles from the side menu.

  3. Go to the Roles page and follow these steps:

    1. Click Create role.

    2. Select Another AWS account.

    3. Paste the Labelbox Account ID.

    4. Check the box for Require external ID.

    5. Paste the Labelbox External ID.

    6. Do not enable Require MFA option.

    7. Click Next: Permissions.

  4. Attach a permissions policy by selecting one of the AWS sample policies listed (e.g., AmazonS3ReadOnlyAccess policy). Or you can paste this sample policy in the JSON tab. This policy restricts access to a specific S3 bucket. The GetObject action allows Labelbox read-only access to the bucket you specify. The Resource is your bucket ARN. To find your bucket ARN, go to your s3 console, select the bucket from the list, go to the Properties tab, and copy the Amazon Resource Name.

        "Version": "2012-10-17",
        "Statement": [
                "Effect": "Allow",
                "Action": [
                "Resource": "arn:aws:s3:::CustomerBucketName/*"

    When you are done, click Next: Tags.

  5. Click Next: Review to bypass the optional Add tags step. Tags are not required to set up this integration.

  6. In the Review step, name the role you just created for Labelbox. We recommend naming it something like labelboxs3Access. To approve, click Create role.

  7. Copy the Role ARN at the top of the Roles Summary tab. Then, in Labelbox, paste the AWS Role ARN in the provided field and name the integration.

  8. Check whether the integration was set up properly. See our Validate integration docs to learn how to do this in the UI.


To learn how to set up your integration programmatically, see our GraphQL docs.