Choosing an asset hosting option

How Sama secures your data

Data security is usually the first concern when it comes to data storage. That's why Sama is committed to industry-standard data security and protection practices. Sama follows both the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to ensure that your information is used only when necessary.

PII, GDPR, and Security at Sama

Beyond keeping your personal information secure, Sama puts security and compliance at the forefront of how it operates.

Sama Security Measures


Hosting your data

Before you can upload tasks, you need to have access to your source assets. These are the bare, or pre-annotated, assets that you'll provide to Sama for annotation. These provided assets will be uploaded directly to Sama's AWS S3 bucket, located in Germany, India, or the USA depending on your location, and accessed whenever associates need the content.

This document does not cover asset acquisition. Instead, it explores the advantages and disadvantages of the available storage and access methods.

Hosting option: Assets hosted & stored through Sama S3

Pros:
• Sama is better able to prevent service interruptions
• Sama's delivery centers can load assets faster during annotation using their local asset servers
• Full compatibility with all Sama annotation options
• No file size limitations

Cons:
• Lack of control over how assets are stored

Hosting option: Assets hosted on a private S3 and shared with Sama

Pros:
• Complete control over uploaded assets
• No file size limitations
• Full compatibility with all Sama annotation options
• Sama's delivery centers can load assets faster during annotation using their local asset servers

Cons:
• Service interruptions may affect access
• Assets will still be copied to Sama's S3 bucket for the duration of the project

Hosting option: Assets hosted and stored on a private server

Pros:
• Complete control over uploaded assets
• Control over downtime and service interruptions

Cons:
• Limited to Image only annotation platforms. As the asset doesn't ever touch Sama's S3, Video and Point Cloud projects aren't available
• Images larger than 2 MB are not supported through this method, due to the potential impact on Sama's Delivery Centers
• Asset security outside the workspace cannot be guaranteed due to outside infrastructure

🚧

Warning

Video and 3D Point Cloud assets are processed and stored in Sama's S3 bucket regardless of the hosting option you choose. For more information, see the section on asset hosting for videos and point clouds below.
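
The constraints in the comparison above can be sketched as a small lookup. This is only an illustration, not part of the Sama platform: the function name, the asset type labels, and the reading of "2 MB" as 2 * 1024 * 1024 bytes are all assumptions.

```python
# Assumption: "2 MB" is read as 2 * 1024 * 1024 bytes. The comparison above
# does not say whether the limit is measured in MB or MiB.
PRIVATE_SERVER_MAX_IMAGE_BYTES = 2 * 1024 * 1024

SAMA_S3 = "Assets hosted and stored through Sama S3"
SHARED_S3 = "Assets hosted on a private S3 and shared with Sama"
PRIVATE_SERVER = "Assets hosted and stored on a private server"


def hosting_options(asset_type: str, size_bytes: int) -> list[str]:
    """Return the hosting options that fit a single asset.

    asset_type is a hypothetical label: "image", "video", or "point_cloud".
    """
    if asset_type not in {"image", "video", "point_cloud"}:
        raise ValueError(f"unknown asset type: {asset_type!r}")
    # Both S3-based options work with every annotation type and have no
    # file size limit.
    options = [SAMA_S3, SHARED_S3]
    # A private server only works for images up to the size limit.
    if asset_type == "image" and size_bytes <= PRIVATE_SERVER_MAX_IMAGE_BYTES:
        options.append(PRIVATE_SERVER)
    return options
```

For example, `hosting_options("video", 50_000_000)` returns only the two S3-based options, because video assets always end up in Sama's S3 bucket.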


Sharing your S3 bucket's contents with Sama's AWS account

Sama can directly fetch assets from your AWS S3 bucket, without you needing to generate pre-signed or public URLs. You'll have to configure your S3 bucket policy as follows:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "sama-s3-getobjects",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::596059236576:user/hub-prod"
            },
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<BUCKET_NAME>",
                "arn:aws:s3:::<BUCKET_NAME>/*"
            ]
        }
    ]
}

Replace <BUCKET_NAME> with the name of the bucket Sama will need access to. This will give Sama read-only access to the entire contents of the bucket.

If more granular access is needed, the arn:aws:s3:::<BUCKET resource can be replaced with a list of resources that include the paths to which Sama will be granted access, such as arn:aws:s3:::<BUCKET and arn:aws:s3:::<BUCKET_NAME>/other/path/that/sama/needs/*.
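
If you maintain several buckets or paths, the policy can be generated rather than edited by hand. The following is a minimal sketch using only the Python standard library. The function name `build_bucket_policy`, the `prefixes` parameter, and the bucket name `example-bucket` are hypothetical; the principal and actions are copied from the policy above.

```python
import json

# Principal copied from the bucket policy shown above.
SAMA_PRINCIPAL = "arn:aws:iam::596059236576:user/hub-prod"


def build_bucket_policy(bucket_name, prefixes=None):
    """Build the bucket policy as a dict.

    prefixes is a hypothetical list of key prefixes, for example
    ["other/path/that/sama/needs"]. With no prefixes, every object in the
    bucket is readable, as in the policy above.
    """
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    if prefixes:
        # One object-level resource per path Sama should be able to read.
        object_arns = [f"{bucket_arn}/{p.strip('/')}/*" for p in prefixes]
    else:
        object_arns = [f"{bucket_arn}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "sama-s3-getobjects",
                "Effect": "Allow",
                "Principal": {"AWS": SAMA_PRINCIPAL},
                "Action": [
                    "s3:GetObject",
                    "s3:ListBucket",
                    "s3:GetBucketLocation",
                ],
                "Resource": [bucket_arn, *object_arns],
            }
        ],
    }


if __name__ == "__main__":
    policy = build_bucket_policy("example-bucket", ["other/path/that/sama/needs"])
    print(json.dumps(policy, indent=4))
```

The bucket-level ARN stays in the resource list in both cases because `s3:ListBucket` and `s3:GetBucketLocation` apply to the bucket itself, while `s3:GetObject` applies to the object-level resources.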



Setting up the configuration for hosting your assets

If you want to keep your assets hosted on your cloud storage service (images only), please ensure that your CORS configuration is properly set up:

The Origin will be https://app.sama.com

The Access-Control-Request-Method is GET

Here is a sample AWS S3 CORS bucket configuration that will enable the Sama platform to properly serve images.

[
    {
        "AllowedHeaders": [],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "https://app.sama.com"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]
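
Before uploading tasks, it can help to confirm that a CORS configuration actually satisfies the two requirements above. The sketch below checks a configuration that has already been loaded as a list of rules. The function names are hypothetical, and the wildcard handling assumes that an `AllowedOrigins` entry contains at most one `*`.

```python
import json

SAMA_ORIGIN = "https://app.sama.com"


def origin_matches(pattern, origin):
    """Match an AllowedOrigins entry that may contain one "*" wildcard."""
    if "*" not in pattern:
        return pattern == origin
    prefix, suffix = pattern.split("*", 1)
    return (
        len(origin) >= len(prefix) + len(suffix)
        and origin.startswith(prefix)
        and origin.endswith(suffix)
    )


def allows_sama_get(cors_rules):
    """Return True if any rule allows GET requests from the Sama origin."""
    for rule in cors_rules:
        methods = rule.get("AllowedMethods", [])
        origins = rule.get("AllowedOrigins", [])
        if "GET" in methods and any(origin_matches(o, SAMA_ORIGIN) for o in origins):
            return True
    return False


if __name__ == "__main__":
    sample = json.loads("""
    [
        {
            "AllowedHeaders": [],
            "AllowedMethods": ["GET"],
            "AllowedOrigins": ["https://app.sama.com"],
            "ExposeHeaders": [],
            "MaxAgeSeconds": 3000
        }
    ]
    """)
    print(allows_sama_get(sample))
```

This only inspects the configuration document. It does not confirm that the configuration has been applied to the bucket or that the images are otherwise reachable.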


Asset hosting for videos and point clouds

The Sama platform processes the original video and point cloud assets provided in a task, and the processed assets must then be hosted in Sama's S3 bucket. This approach has the following benefits:

  1. Faster load times - the processed asset is stored in data centers located in regions close to Sama’s workforce.
  2. Faster annotation times - the processed asset can immediately be worked on as soon as a single frame is loaded; no need to wait for the entire asset to finish loading.
  3. Peace of mind - the right asset will always be loaded during annotation; no need to worry about changes on your end that will affect existing tasks in the Sama platform.