Create an Amazon S3-backed depot

Create a depot specification that sets the Address field to map to the S3 datasource. The location of the S3 bucket and the credentials are stored in the depot spec on a per-depot basis using the Address field.

To create an S3-backed depot:

  1. Use the p4 depot command, and set the depot’s Type. For example,

    p4 depot -t stream s3DepotName

  2. In the depot specification,

    • Do not change the value of the Map field because it will not be used.

    • Create a new field for the address, and enter the S3 information and credentials as a comma-separated list of key:value pairs according to the requirements of your S3 storage provider. For a list of access and secret key examples depending on your storage provider, see Examples.

      If you are using an AWS depot, we recommend using role-based credentials in the following format:

      Address: s3,region:us-west-2,bucket:my-s3bucket,role:my-ec2-role-name

      For more information, see EC2 instance role (recommended for AWS).

S3 error handling

In 2025.2 and later, S3 type errors can be handled in conjunction with two configurables: s3.credentialerror.retry and s3.error.retry. The configurables have defaults to retry if certain common errors occur. You can customize which HTTP status and AWS errors cause the retry attempts to occur.

For example, if the default setting in s3.credentialerror.retry of a HTTP status code of 400 with a code of InvalidSessionException is always failing, even when retried, thus causing a delay before the transaction times out and fails, you can set s3.credentialerror.retry to

[ 400, "ExpiredToken", "TokenRefreshRequired", "" ]

These two configurables thus make it possible to address two situations:

  1. The error is missing, but a set of retries might enable the user to avoid intermittent command failures.

  2. An error is listed in the defaults, but retries never succeed. To avoid delays in reporting the failure, set the configurable to the default settings minus that error.

Multiple S3-backed depots

Each S3-backed depot authenticates independently using its own Address field.

If your server uses multiple S3-backed depots (for example, a production depot and an archive depot), each depot must have valid credentials configured. Credentials specified for one depot are not reused for operations on another depot, even when a single command (such as p4 archive) accesses multiple depots in sequence.