Deployment
Creating Fly S3
Provision Fly Tigris object storage and configure S3-compatible credentials.
When to use this page
- You need object storage for uploads, media assets, exports, or backups.
- You deploy on Fly and want an S3-compatible storage backend.
Prerequisites
- Fly app and organization are set up.
- You know whether objects should be public or private.
- You have a naming pattern for buckets and object keys.
Documentation: https://fly.io/docs/tigris/
Overview
Fly.io uses Tigris for S3-compatible globally distributed object storage.
Usage considerations
- Use for file uploads, media assets, backups, and exports
- S3-compatible API - works with standard S3 SDKs and tools
- Globally distributed for low-latency access
- Prefer signed URLs for private access
Setup checklist
Follow the official Fly.io Tigris documentation for the latest CLI commands and options.
- Choose a bucket name and region
- Decide on public vs private access
- Plan your folder structure and lifecycle rules
- Create access keys for your app or CI/CD pipeline
After creation
- Store credentials in your app's environment variables (example):
fly secrets set AWS_ACCESS_KEY_ID=<your-access-key-id> fly secrets set AWS_SECRET_ACCESS_KEY=<your-secret-access-key> fly secrets set BUCKET_NAME=<your-bucket-name> fly secrets set S3_ENDPOINT=<your-endpoint> fly secrets set S3_REGION=<your-region> - In app you configure as regular S3
Verify
- Upload and download a test file from the running application.
- Signed URL flow works for private objects.
- Bucket/object naming and access policies match your security model.
Troubleshooting
- Upload permission errors: Check key permissions and bucket policy configuration.
- Broken object URLs: Verify endpoint/region and path-style vs virtual-host style settings.
- Slow delivery of public assets: Add CDN caching rules and optimize object size.