Loki S3 Backend Storage Configuration

Hi,

In our current Loki distributed deployment model, we have configured AWS S3 as backend storage and we have used the configuration below:

storage:
  type: s3
  bucketNames:
    chunks: loki-test-west-chunk
    ruler: loki-test-west
    admin: loki-test-west
  s3:
    bucketNames: loki-test-west
    bucketNames.chunks: loki-test-west-chunk
    endpoint: s3.us-west-2.amazonaws.com
    region: us-west-2
    secretAccessKey:
    accessKeyId:

We are aware that it’s not a best practice to use keys directly in our deployment. Instead:
Is there a way we can use IRSA / Pod Identity there to allow Loki to access S3?
Can we pass these values as secrets?

Please suggest if there are any other ways to tackle this.

Thank you,

I don’t run Loki on EKS, but there is nothing stopping you from using pod identity. I could be wrong since I don’t use the community Helm chart, but I didn’t see pod identity related code in there, so you may have to cook your own.

Alternatively, you could just use your EKS host’s IAM role. This obviously will give all pods running on your EKS cluster the same permission, so not as desirable, but if you are not running anything else on the EKS cluster it’s an easy solution.
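
Added example, not part of the original posts or of the Loki chart: a sketch of the IAM side of IRSA for the buckets named in the question, showing a trust policy bound to a single Kubernetes service account (unlike the node role, which every pod on the host shares) and an S3 policy scoped to those buckets. The account ID, OIDC issuer ID, namespace, service account name and role name are constructed placeholders; with the annotation on Loki's service account, `accessKeyId` and `secretAccessKey` can stay unset.

```python
import json

def irsa_trust_policy(account_id, oidc_provider, namespace, service_account):
    """Trust policy letting exactly one Kubernetes service account assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{oidc_provider}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {
                # Pin both subject and audience; omitting :sub lets any
                # service account in the cluster assume the role.
                f"{oidc_provider}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                f"{oidc_provider}:aud": "sts.amazonaws.com",
            }},
        }],
    }

def loki_s3_policy(buckets):
    """Permissions limited to the named buckets: list on the bucket, object I/O under it."""
    names = sorted(set(buckets))
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{b}" for b in names]},
            {"Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": [f"arn:aws:s3:::{b}/*" for b in names]},
        ],
    }

def service_account_annotation(account_id, role_name):
    """Annotation the EKS pod identity webhook reads on the service account."""
    return {"eks.amazonaws.com/role-arn": f"arn:aws:iam::{account_id}:role/{role_name}"}

# Constructed placeholders: substitute your account ID and the cluster's OIDC issuer.
ACCOUNT_ID = "111122223333"
OIDC = "oidc.eks.us-west-2.amazonaws.com/id/EXAMPLEOIDCID"
# Bucket names from the question (chunks, ruler, admin).
BUCKETS = ["loki-test-west-chunk", "loki-test-west", "loki-test-west"]

if __name__ == "__main__":
    print(json.dumps(irsa_trust_policy(ACCOUNT_ID, OIDC, "loki", "loki"), indent=2))
    print(json.dumps(loki_s3_policy(BUCKETS), indent=2))
    print(service_account_annotation(ACCOUNT_ID, "loki-s3-irsa"))
```
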