S3-bucket-exporter collects size and object-count information for all buckets accessible to the configured user. It works with AWS and any S3-compatible endpoint (Minio, Ceph, Localstack, etc.).
- Modular Authentication: Separate authentication module with support for multiple auth methods
- Flexible Configuration: Supports both environment variables and command-line arguments
- Comprehensive Metrics: Provides detailed metrics at both bucket and storage class level
Total metrics:
- s3_total_size
- s3_total_object_number
- s3_list_total_duration_seconds
- s3_auth_attempts_total

Bucket level metrics:
- s3_bucket_size
- s3_bucket_object_number
- s3_list_duration_seconds

Run from command-line:
```bash
./s3-bucket-exporter [flags]
./s3-bucket-exporter -s3_endpoint=http://127.0.0.1:9000 -s3_access_key=minioadmin -s3_secret_key=minioadmin
```

```bash
docker run -p 9655:9655 -d \
  -e S3_ENDPOINT=http://127.0.0.1:9000 \
  -e S3_ACCESS_KEY=minioadmin \
  -e S3_SECRET_KEY=minioadmin \
  -e S3_BUCKET_NAMES=my-bucket-name \
  ghcr.io/tropnikovvl/s3-bucket-exporter:latest
```

```bash
./s3-bucket-exporter \
  -s3_access_key ABCD12345678 \
  -s3_secret_key mySecretKey \
  -s3_bucket_names=my-bucket-name \
  -s3_region=us-east-1
```

Note: For AWS, all buckets must be in the same region to avoid "BucketRegionError" errors; otherwise, manually limit the list of buckets. An example of an IAM policy can be found here.
```bash
helm install s3-bucket-exporter \
  --namespace s3-bucket-exporter \
  --create-namespace oci://ghcr.io/tropnikovvl/chart/s3-bucket-exporter \
  --version 2.1.0
```

The exporter supports both command-line arguments and environment variables (arguments take precedence).
Environment Variable | Argument | Description | Default | Example |
---|---|---|---|---|
S3_BUCKET_NAMES | -s3_bucket_names | Comma-separated list of buckets to monitor (empty = all buckets) | | my-bucket,other-bucket |
S3_ENDPOINT | -s3_endpoint | S3 endpoint URL | s3.us-east-1.amazonaws.com | http://127.0.0.1:9000 |
S3_ACCESS_KEY | -s3_access_key | AWS access key ID | | AKIAXXXXXXXX |
S3_SECRET_KEY | -s3_secret_key | AWS secret access key | | xxxxxxxxxxxxx |
S3_REGION | -s3_region | AWS region | us-east-1 | eu-west-1 |
S3_FORCE_PATH_STYLE | -s3_force_path_style | Use path-style addressing | false | true |
S3_SKIP_TLS_VERIFY | -s3_skip_tls_verify | Skip TLS certificate verification | false | true |
LISTEN_PORT | -listen_port | Port to listen on | :9655 | :9123 |
LOG_LEVEL | -log_level | Logging level | info | debug |
LOG_FORMAT | -log_format | Log format | text | json |
SCRAPE_INTERVAL | -scrape_interval | Metrics update interval | 5m | 30s |

Warning: For security reasons, avoid passing credentials via command-line arguments, which are visible in process listings and shell history; use the environment variables instead.
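
As an added example (not part of the exporter's own code), the following pre-deployment check flags the two risky settings named in this section: credentials passed as arguments and disabled TLS verification, resolved with the argument-over-environment precedence described above. `Audit` and `parseArgs` are hypothetical names, and the simplified argument parsing is an assumption that covers only the `-name=value` and `-name value` forms shown in the examples.

```go
package main

import (
	"fmt"
	"strings"
)

// parseArgs reads -name=value and -name value; a bare -name means "true" (assumed).
func parseArgs(args []string) map[string]string {
	out := map[string]string{}
	for i := 0; i < len(args); i++ {
		name := strings.TrimLeft(args[i], "-")
		if name == args[i] {
			continue // not a flag
		}
		if k, v, ok := strings.Cut(name, "="); ok {
			out[k] = v
		} else if i+1 < len(args) && !strings.HasPrefix(args[i+1], "-") {
			out[name] = args[i+1]
			i++
		} else {
			out[name] = "true"
		}
	}
	return out
}

// Audit lists risky settings; arguments override environment variables (per the README).
func Audit(args []string, env map[string]string) (findings []string) {
	flags := parseArgs(args)
	for _, f := range []string{"s3_access_key", "s3_secret_key"} {
		if _, ok := flags[f]; ok {
			findings = append(findings, "-"+f+" passed as argument; use "+strings.ToUpper(f))
		}
	}
	skip, ok := flags["s3_skip_tls_verify"]
	if !ok {
		skip = env["S3_SKIP_TLS_VERIFY"]
	}
	if strings.EqualFold(skip, "true") {
		findings = append(findings, "TLS certificate verification is disabled")
	}
	return findings
}

func main() { // constructed sample input based on the README's AWS invocation
	args := []string{"-s3_access_key", "ABCD12345678", "-s3_secret_key", "mySecretKey", "-s3_skip_tls_verify=true"}
	fmt.Println(Audit(args, map[string]string{"S3_SKIP_TLS_VERIFY": "false"}))
}
```
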
The exporter uses a modular authentication system that automatically detects the appropriate authentication method based on the provided configuration.
- Access Keys - Using AWS access key and secret key
- IAM Role - Using EC2/ECS instance role
- Web Identity - Using web identity token (e.g., for Kubernetes)
- IAM Instance Profile - For EC2 instances with attached IAM roles
- TLS Verification: Optional TLS certificate verification for secure connections
- Credential Protection: Credentials are never logged or exposed in metrics
Example scrape config:

```yaml
scrape_configs:
  - job_name: 's3bucket'
    static_configs:
      - targets: ['localhost:9655']
```

A sample Grafana dashboard is available at resources/grafana-s3bucket-dashboard.json.

- Authentication Failures:
  - Verify credentials are correct
  - Check IAM role permissions
  - Ensure proper region is specified
- Connection Issues:
  - Verify endpoint URL is correct
  - Check network connectivity
  - Validate TLS certificates if using HTTPS
- Performance Issues:
  - Increase scrape interval for large bucket counts
  - Use specific bucket names instead of scanning all buckets
  - Ensure proper instance sizing

```bash
go build -o s3-bucket-exporter
go test ./...
cd e2e && docker compose up --abort-on-container-exit
```

Contributions are welcome! Please follow the contribution guidelines in CONTRIBUTING.md.