Guides
  1. Integrations

Wasabi Storage & AI (AiR) Integration

Step-by-step guide for configuring Wasabi cloud storage and Wasabi AiR AI services with a Nomad Media project.

This guide walks through the full setup required to connect Wasabi cloud storage and Wasabi AiR AI services to a Nomad Media project. Replace {projectPrefix} throughout with your project's prefix (e.g., demo55).

A. Create the Wasabi User and Permissions

  1. Log in to your Wasabi account.
  2. Follow the Wasabi guide for creating a user account and access key using the parameters below.

Create a Group

  • Group name: {projectPrefix} (e.g., demo55)

Create a User

  • Name: {projectPrefix}-user (e.g., demo55-user)
  • Access type: Programmatic only — no console access, no MFA required
  • Set a password and do not require a password reset on first login
  • Add the user to the group created above

Assign Policies to the User

Attach the following policies to the user:

  • AdministratorAccess
  • IAMUserChangePassword
  • WasabiAdministrator
  • WasabiFullAccess
  • WasabiManageAiR
  • WasabiViewAiR

Create an Access Key

Generate an access key for the user. Copy the Access Key ID and Secret Access Key to a secure location — they are required in the steps below.

B. Create the AWS Secret

Add a new secret to AWS Secrets Manager with the following settings:

  • Secret name: nomad/{projectPrefix}/wasabiAir
  • Value (JSON array):
[
  {
    "name": "wasabi-{projectPrefix}-buckets",
    "accessKey": "{accessKey}",
    "secretKey": "{secretKey}",
    "serviceUrl": "https://s3.{wasabi-region}.wasabisys.com/"
  }
]

Replace {accessKey} and {secretKey} with the credentials from Step A, and {wasabi-region} with the Wasabi region where your buckets will be created.

C. Create the AWS IAM User for Wasabi Event Notifications

Refer to the Wasabi event notifications documentation for full context.

  1. In the AWS Console, select the region where your Nomad Media deployment is located.
  2. Create a new IAM user (see Step D below for the user name).
  3. Generate an Access Key and Secret Key for this user — these will be used when configuring event notifications in Wasabi.

D. Create the SNS Topic and Subscription

Follow the Wasabi SNS event notification guide.

1. Create the SNS Topic

  • Topic name: nomad-{projectPrefix}-s3-events
  • Type: Standard

2. Create a Subscription

  • Topic: nomad-{projectPrefix}-s3-events
  • Protocol: Amazon SQS
  • Endpoint: nomad-{projectPrefix}-system-S3WatcherQueue

3. Create an IAM Policy

In the AWS Console, create a new IAM policy using the following JSON. Replace the ARN resource value with the ARN of your SNS topic.

  • Policy name: nomad-{projectPrefix}-s3-sns-topic
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeRegions",
        "sns:ListTopics"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "sns:*",
      "Resource": "arn:aws:sns:{aws-region}:{account-id}:nomad-{projectPrefix}-s3-events"
    }
  ]
}

4. Create the IAM User and Attach the Policy

  • User name: wasabi-sns-user
  • Attach the nomad-{projectPrefix}-s3-sns-topic policy to this user.
  • Follow the remaining steps in the Wasabi documentation to complete the user setup.

E. Create the S3 Buckets

Refer to the Wasabi bucket creation guide.

Create two buckets in the Wasabi region closest to your AWS deployment region:

BucketName
Content bucketnomad-{projectPrefix}
Job output bucketnomad-{projectPrefix}-jobs

For both buckets:

  • Enable bucket versioning

F. Enable Event Notifications

Refer to the Wasabi event notifications guide.

Perform these steps for both buckets created above:

  • Event name: nomad-{projectPrefix}-s3-events
  • Event types: Select all
  • Destination: Select the AWS region and SNS topic created in Step D (nomad-{projectPrefix}-s3-events)

G. Configure the Nomad Project

Add the following to your Nomad project configuration, replacing values with your specific project prefix, bucket names, and secret key paths.

"application/externalBucketSettings": {
    "externalAccessSecretKey": "nomad/{projectPrefix}/wasabi",
    "externalBuckets": [
        {
            "externalCredentialsName": "wasabi-{projectPrefix}-buckets",
            "bucketName": "nomad-{projectPrefix}"
        },
        {
            "externalCredentialsName": "wasabi-{projectPrefix}-buckets",
            "bucketName": "nomad-{projectPrefix}-jobs"
        }
    ]
},

"application/wasabiAir": {
    "SecretKey": "nomad/{projectPrefix}/wasabiAir",
    "BaseUrl": "https://air.wasabisys.com/api/v1",
    "Services": "air_ocr,air_s2t,air_audiotag,air_nld,air_logo,air_face",
    "jobsBucket": "nomad-{projectPrefix}-jobs"
}

H. Upload Content and Verify

Important: Content placed in the root of a Wasabi bucket will not appear in Nomad. All content must be inside a folder.

  1. In the Wasabi console, open your content bucket (nomad-{projectPrefix}).
  2. Create a new folder.
  3. Upload a file into that folder.
  4. The file should appear in Nomad shortly after upload.