Amazon S3
Bucket Policy
Create an IAM policy that grants Avala read access to your bucket. If you also want Avala to write exports back to the bucket, include thes3:PutObject permission.
AVALA_ACCOUNT_ID with the account ID provided in Mission Control during setup, and your-bucket-name with your actual bucket name.
CORS Configuration
If you are loading images or video directly in the browser-based annotation editor, add a CORS rule to your bucket:Connect in Mission Control
- Go to Mission Control > Settings > Storage.
- Click Add Storage and select Amazon S3.
- Enter your Bucket Name and Region.
- Choose an authentication method:
- Cross-account IAM role (recommended) — Avala assumes a role in your account.
- Access key — Provide an AWS access key ID and secret.
- Click Test Connection to verify access.
- Save the configuration.
Google Cloud Storage
Service Account
Create a service account that Avala can use to access your bucket:- In the Google Cloud Console, navigate to IAM & Admin > Service Accounts.
- Create a new service account (e.g.,
avala-storage-reader). - Grant the following roles on the bucket:
roles/storage.objectViewer— read access to objectsroles/storage.legacyBucketReader— list objects in the bucket
- If Avala should write exports to the bucket, also grant
roles/storage.objectCreator. - Download the JSON key file for the service account.
CORS Configuration
If you are loading images or video directly in the browser-based annotation editor, add a CORS configuration to your GCS bucket. Save the following ascors.json:
gsutil:
your-bucket-name with your actual bucket name.
Connect in Mission Control
- Go to Mission Control > Settings > Storage.
- Click Add Storage and select Google Cloud Storage.
- Enter your Bucket Name.
- Upload the Service Account JSON key file.
- Click Test Connection to verify access.
- Save the configuration.
Storage Configuration Options
Once a bucket is connected, you can configure it in Mission Control:| Option | Description |
|---|---|
| Default storage | Set the bucket as the default destination for new datasets. |
| Prefix filter | Limit Avala’s access to a specific path prefix within the bucket (e.g., datasets/production/). |
| Export destination | Enable writing completed exports back to this bucket. |
| Signed URL expiry | Control how long signed URLs remain valid when serving assets to annotators (default: 1 hour). |
Uploading Data from Connected Buckets
After connecting a bucket, you can create datasets from its contents:- Create a new dataset in Mission Control.
- Select Import from Cloud Storage as the data source.
- Browse or search the connected bucket for the files or folder you want.
- Select the assets and confirm the import.
Your data stays in your bucket at all times. Avala generates short-lived
signed URLs to serve assets to the annotation editor and never persists
copies of your files.