Launching the Platform/Self hosted/Prerequisites

S3-Compatible Storage

Setup and configure S3-compatible storage for your self-hosted platform

Overview

Purpose

  • Platform assets storage
  • Blockchain data persistence
  • File management
  • State storage

Key Features

  • Built-in redundancy
  • Automatic scaling
  • Global availability
  • Integrated monitoring

Deployment Options

AWS S3 (Native)

Create S3 bucket

  • Choose region
  • Enable versioning
  • Configure default encryption

Create IAM user

  • Generate access key and secret
  • Attach minimal required permissions

Digital Ocean Spaces

Setup Spaces

  • Access Digital Ocean Console
  • Create new Spaces bucket:
    • Choose datacenter region
    • Configure CDN (optional)
  • Create Spaces access key

Azure Blob Storage

Create Storage Account

  • Go to Azure Portal
  • Create new Storage Account
  • Select performance tier and redundancy
  • Enable hierarchical namespace (recommended)

Create Container

  • Navigate to Storage Account
  • Create new container
  • Set access level (private recommended)

Get Access Credentials

  • Generate Shared Access Signature (SAS)
  • Or use Storage Account access keys
  • Note the connection string

Azure Blob Storage offers:

  • Geo-redundant storage options
  • Integration with Azure AD
  • Built-in disaster recovery
  • Pay-as-you-go pricing

Google Cloud Storage

Create Storage Bucket

  • Go to Google Cloud Console
  • Create new bucket
  • Choose location type
  • Set storage class
  • Configure access control

Set up Service Account

  • Create new service account
  • Generate JSON key file
  • Assign Storage Object Admin role
  • Download credentials

GCP Storage benefits:

  • Multi-regional deployment
  • Object lifecycle management
  • Strong consistency
  • Integrated security controls

State Encryption

### Generate encryption key bash openssl rand -base64 32

Store this encryption key securely - it's used to protect platform state data.

Information Collection

Required Values for Platform Installation

  • S3 endpoint URL (e.g., s3.amazonaws.com)
  • Bucket name
  • Access key ID
  • Secret access key
  • Region (e.g., us-east-1)
  • State encryption key
deploymentEngine:
  state:
    # AWS S3
    connectionUrl: 's3://bucket-name?region=us-east-1&endpoint=s3.amazonaws.com'
 
    # Azure Blob Storage
    connectionUrl: 'azblob://<container-path>'
 
    # Google Cloud Storage
    connectionUrl: 'gs://bucket-name'
 
    credentials:
      encryptionKey: 'your-generated-key' # From openssl command
 
      # AWS Credentials
      aws:
        accessKeyId: 'your-access-key'
        secretAccessKey: 'your-secret-key'
        region: 'us-east-1'
 
      # Azure Credentials
      azure:
        storageAccount: 'storage-account-name'
        storageKey: 'storage-account-key'
 
      # GCP Credentials
      google:
        project: 'project-id'
        credentials: |
          {
            "type": "service_account",
            "project_id": "your-project",
            "private_key_id": "key-id",
            "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
            "client_email": "[email protected]",
            "client_id": "client-id",
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token",
            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
            "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/[email protected]"
          }

Validation

Test AWS S3

aws s3 ls s3://your-bucket \
  --endpoint-url your-endpoint \
  --access-key your-access-key \
  --secret-key your-secret-key

Test Azure Storage

az storage blob list \
  --container-name your-container \
  --account-name your-storage-account \
  --account-key your-storage-key

Test Google Cloud Storage

gsutil ls gs://your-bucket

Make sure you have installed and configured the respective CLI tools: - AWS CLI: aws configure - Azure CLI: az login - Google Cloud CLI: gcloud auth login

Troubleshooting

Access Denied

AWS S3:

  • Verify IAM credentials
  • Check bucket policies
  • Confirm IAM role permissions
  • Validate endpoint URL format

Azure Blob Storage:

  • Check storage account access keys
  • Verify container access level
  • Confirm SAS permissions
  • Check firewall settings

Google Cloud Storage:

  • Verify service account permissions
  • Check IAM roles
  • Validate JSON credentials
  • Confirm project access

Connection Issues

AWS S3:

  • Check endpoint accessibility
  • Verify region setting
  • Confirm VPC endpoints
  • Check SSL/TLS requirements

Azure Blob Storage:

  • Verify network access rules
  • Check private endpoints
  • Confirm account status
  • Validate VNET settings

Google Cloud Storage:

  • Check VPC Service Controls
  • Verify network connectivity
  • Confirm regional availability
  • Check firewall rules

Performance Issues

AWS S3:

  • Check transfer acceleration
  • Review bucket region
  • Monitor request rates

Azure Blob Storage:

  • Verify account tier
  • Check geo-replication
  • Monitor bandwidth metrics

Storage Issues

Google Cloud Storage:

  • Review storage class
  • Check bucket location
  • Monitor throughput metrics

Need help? Contact [email protected] if you encounter any issues.