Skip to content

Grant ReSim Data Access

For ReSim to run your tests, it needs to be able to access three types of data, experiences, system build images, and metrics build images.

Experience data

Cloud Storage Support

We currently only support AWS S3 for cloud storage. Google Cloud is also on our roadmap. If you'd like us to support other blob storage solutions, get in touch

AWS S3

You can use an existing bucket where you already have input data, or create a new one for ReSim.

If you create a new bucket, we recommend creating it in the us-east-1 region as that's where our app runs. You can follow the AWS documentation for creating a bucket. We don't require any specific settings except that the data isn't stored in Glacier archive.

Whether you have an existing bucket, or have created one specifically for use with ReSim, you need to give our IAM role access to read from the bucket.

The IAM role is used by components of the ReSim platform if they need to fetch Experience data.

arn:aws:iam::083585393365:role/resim-customer-prod

New bucket, or bucket without existing policy

The following policy needs to be applied to your bucket. Make sure you replace the bucket-name placeholder value with the name of your bucket.

{
  "Version": "2012-10-17",
  "Id": "ReSimAccess",
  "Statement": [
    {
      "Sid": "ReSimAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::083585393365:role/resim-customer-prod"
      },
      "Action": ["s3:GetObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::bucket-name", "arn:aws:s3:::bucket-name/*"]
    }
  ]
}

Existing bucket with policy

If your bucket already has a bucket policy set, update the policy to add the following statement. Make sure you replace the bucket-name placeholder value with the name of your bucket.

"Statement": [
  {
      "Sid": "ReSimAccess",
      "Effect": "Allow",
      "Principal": {
          "AWS": "arn:aws:iam::083585393365:role/resim-customer-prod"
      },
      "Action": [
          "s3:GetObject",
          "s3:ListBucket"
      ],
      "Resource": [
          "arn:aws:s3:::bucket-name",
          "arn:aws:s3:::bucket-name/*"
      ]
  }
]

This is the same statement as in the complete policy example above.

Container images

Container Registry Support

We currently only support AWS ECR, Docker Hub, and Google Artifact Registry. If you need us to support other container registries, get in touch

AWS ECR

To use images hosted in AWS Elastic Container Registry (ECR) with ReSim, you can set up access to an existing ECR repository, or create a new ECR repository.

If you're creating a new repository, we recommend creating it in us-east-1 as that's where our app runs. You can follow the AWS documentation for creating ECR repositories.

New repository, or existing repository without policy

The repository you would like to use needs to have the following policy applied so that ReSim components can pull images from it:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReSimToPull",
      "Effect": "Allow",
      "Principal": {
        "AWS": ["arn:aws:iam::083585393365:role/resim-customer-prod"]
      },
      "Action": ["ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer"]
    }
  ]
}

Existing repository with policy

If you have an existing ECR repository with images you would like to test, and that repository already has a policy set, add the following statement to the repository's policy:

"Statement": [{
    "Sid": "AllowReSimToPull",
    "Effect": "Allow",
    "Principal": {
        "AWS": [
            "arn:aws:iam::083585393365:role/resim-customer-prod"
        ]
    },
    "Action": [
        "ecr:BatchGetImage",
        "ecr:GetDownloadUrlForLayer"
    ]
}]

Docker Hub

You can use an existing repository or create a new one. Once it's ready, you will need to set up a new service account and share the Docker ID and personal access token (PAT) securely with us.

Docker Image Pull Rate

We use a mechanism to pull and mirror your container images securely inside our platform. This means image retrieval is quicker, and also means that we only make requests to Docker Hub when you publish images we haven't yet mirrored. Thus the limit of 5000 pulls per day Docker imposes should be more than enough.

Google Artifact Registry

You can use an existing repository or create a new one. Once it's ready, you will need to set up a new service account and generate a key for it. ReSim needs the service account to have Artifact Reader access to the repository in question.

To grant ReSim access, please share a base64 encoded version of the key.json, which can be used to login to the artifact registry.