Cloud integrations
AWS
Granting cross-account access
If your data is stored in a private AWS S3 bucket, you can submit your image URLs in virtual-hosted-style format: https://<bucket-name>.s3.<region>.amazonaws.com/<key>.
We will then use the S3 API to access data from your S3 bucket, using AWS account ID 931508227573 (canonical ID a2c85e730d80dcb51a2c0e1a8f852cf6dc8d6e04d9e00f49239c324de3c1e3e1). We generate temporary presigned URLs to serve the images from your S3 bucket in our frontend. These URLs expire after 24 hours.
This setup requires that you give the Segments.ai AWS account read-only access to the data in your bucket. You can do this by granting us cross-account access with an appropriate bucket policy:
In your AWS account, go to the S3 Management Console.
Go to your bucket.
Go to the Permissions tab.
In the Bucket Policy section, click the Edit button.
Paste the following bucket policy and save your changes. Don't forget to replace YOUR_BUCKET_NAME with the name of your bucket.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "segments-s3-access",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::931508227573:user/segmentsai-prod-user"
      },
      "Action": [
        "s3:GetObject"
      ],
      "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/*"
    }
  ]
}
CORS configuration
You also need to configure CORS for your S3 bucket:
In your AWS account, go to the S3 Management Console.
Go to your bucket.
Go to the Permissions tab.
In the Cross-origin resource sharing (CORS) section, click the Edit button.
Paste the following configuration and save your changes.
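Separately from the CORS step, the bucket policy from the cross-account access steps can be checked before it is saved. The Python below is an added example, not part of the Segments.ai documentation: it reports any statement that gives the Segments.ai principal more than s3:GetObject on objects in the bucket, or that allows any principal. The function names, the sample policies and the bucket name example-bucket are assumptions made for the illustration.

```python
import json

# Principal and action come from the bucket policy on this page.
EXPECTED_PRINCIPAL = "arn:aws:iam::931508227573:user/segmentsai-prod-user"
ALLOWED_ACTIONS = {"s3:getobject"}  # IAM action names are case-insensitive

def as_list(value):
    """Policy fields may hold one item or a list of items."""
    if isinstance(value, (str, dict)):
        return [value]
    return list(value or [])

def audit_bucket_policy(policy_json, bucket):
    """Return findings; an empty list means the grant matches the documented one."""
    object_prefix = f"arn:aws:s3:::{bucket}/"
    findings, granted = [], False
    for stmt in as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if principal == "*" or "*" in aws:
            findings.append(f"{sid}: allows any principal")
        if EXPECTED_PRINCIPAL not in aws:
            continue
        granted = True
        extra = {a for a in as_list(stmt.get("Action")) if a.lower() not in ALLOWED_ACTIONS}
        if extra or "Action" not in stmt:  # a missing Action means NotAction is in use
            findings.append(f"{sid}: more than s3:GetObject granted: {sorted(extra)}")
        outside = [r for r in as_list(stmt.get("Resource")) if not r.startswith(object_prefix)]
        if outside:
            findings.append(f"{sid}: resources outside {object_prefix}: {outside}")
    if not granted:
        findings.append("no Allow statement for the Segments.ai principal")
    return findings

# Constructed sample policies for a hypothetical bucket named "example-bucket".
DOCUMENTED = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "segments-s3-access", "Effect": "Allow",
    "Principal": {"AWS": EXPECTED_PRINCIPAL},
    "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]})
TOO_BROAD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Sid": "segments-s3-access", "Effect": "Allow",
    "Principal": {"AWS": [EXPECTED_PRINCIPAL, "*"]},
    "Action": "s3:*", "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::*"]}})

if __name__ == "__main__":
    print(audit_bucket_policy(TOO_BROAD, "example-bucket"))
```

The check looks only at Allow statements and does not evaluate Condition blocks or Deny statements, so a clean result describes the grant itself, not the bucket's full effective access.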
Google Cloud
Granting cross-account access
Please contact us to request a Service Account Email ID for this GCP integration.
Create a new role for the principal as follows:
In your GCS account, go to Roles and click Create Role
Give the role a title, ID and description
Click Add permissions and select the storage.objects.get permission
Click the Create button
In your GCS account, go to your GCS bucket permissions.
Click Grant access under the View by principals section and paste the Service Account Email ID that we shared with you in the New principals field.
Select the custom role you just created as the role, and press Save.
Configure CORS on your bucket as follows:
Click the Activate Cloud Shell button (a terminal window icon) in the top-right corner
In Cloud Shell, create a JSON file containing the CORS configuration by entering the command
echo '[{"origin":["https://*.segments.ai"],"method":["GET"],"responseHeader":["*"]}]' > cors-config.json
Apply the CORS configuration to the bucket with the command
gsutil cors set cors-config.json gs://<bucket-name>
Verify the CORS configuration with the command
gsutil cors get gs://<bucket-name>
Please share the name of your bucket with us, so we can enable the integration on our side.
Once this is set up, you can start using gs:// URLs in your samples, pointing to files in your private bucket.
Azure
Granting cross-account access
Sign in to the Azure Portal.
In the search bar at the top, type Microsoft Entra ID.
Copy the Tenant ID on the Overview page and share it with us.
Install the Segments.ai Blob Link Service app into your tenant by running the following command (Azure docs):
az ad sp create --id d47021c7-05d1-44c3-a594-93c2c30c68fc
Grant the app access to your storage account:
In the Azure Portal, go to the Storage Account you want to share.
In the left menu, select Access control (IAM).
Click + Add → Add role assignment.
Choose Storage Blob Data Reader as the role (= read access only).
Select Assign access to → User, group, or service principal.
Find the Enterprise application you just created for the Segments.ai - Blob Link Service app.
Save the assignment.
CORS configuration
You also need to configure CORS by running this Azure CLI command:
You can also configure CORS via the Azure Portal.