Live Chat Software by Kayako |
Knowledgebase: Hosted PBX > Call Recordings
AWS S3 Setup For Call Recordings Remote Storage
Posted by Michael Iglesias, Last modified by Michael Iglesias on 12 October 2023 02:04 PM
|
|
**NOTE: This is a general guide to setup an S3 bucket for use with Remote Storage, please always consult with your security team and/or security policies before starting. **Migration NOTE: A new permission was added for testing the connection, please make sure to add the ListAllMyBuckets to your existing permissions to pass the connection test. Create an S3 Bucket for Call Recordings Remote Storage 1. Search for s3 in the top search bar and select S3 from the Services drop-down: 2. Click on the Create bucket button: 3. Type in your bucket name into the Bucket name field: 4. Make sure to select the checkbox next to Block all public access (AWS default selection): 5. Enable Bucket Versioning by selecting Enable: 6. Add Tags if you need, if not leave it as is: 7. Under Default encryption, select Enable for Server-side encryption and select Amazon S3 key (SSE-S3): 8. Leave Advanced settings as is and click on Create bucket: 9. Click on the link of your newly created bucket under the name column: 10. Click on Permissions next to Properties in the tabs list: 11. You will now be on the Permissions page, scroll down to the Bucket policy section and click Edit: 12. You may now copy and paste the S3 policy into the Policy section with your bucket name and click Save changes: Syntax: (replace <bucketName> with your new bucket name) { "Version": "2012-10-17", "Id": "PolicyId2", "Statement": [ { "Sid": "AllowIPmix", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": [ "arn:aws:s3:::<bucketName>", "arn:aws:s3:::<bucketName>/*" ], "Condition": { "IpAddress": { "aws:SourceIp": [ "192.92.8.0/24", "64.52.82.0/24", ] } } } ] } Example: { "Version": "2012-10-17", "Id": "PolicyId2", "Statement": [ { "Sid": "AllowIPmix", "Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": [ "arn:aws:s3:::mycallrecordingbucket", "arn:aws:s3:::mycallrecordingbucket/*" ], "Condition": { "IpAddress": { "aws:SourceIp": [ "192.92.8.0/24", "64.52.82.0/24", ] } } } ] } Create an S3 Policy and User to Access the Bucket Here you are creating a Policy to limit the User to only access S3 and only certain actions of S3 1. Search for iam in the top search bar, then under the Services list, hover your mouse over IAM and you should see Top features with a sub menu, click on Policies 2. Next click on the Create policy button in the main content area 3. Now under the Select a service accordion: click on Choose a service, search for s3, and then click on the S3 link 4. You will now see the Specify permission page, select the following actions to set the Access level: ListAllMyBuckets, ListBucket, GetObject, DeleteObject, and PutObject 5. Under Resources, click Add ARN in the bucket section 6. Enter in your bucket name in the Bucket name* field and then click Add: 7. Under Resources, click Add ARN in the object section: 8. Next, enter in your bucket name in the Bucket name* field. Click the checkbox next to Any next to the Object name* field and then click Add: 9. Now, click on Review policy: 10. Finally, type in your policy name in the Name* field and click Create policy: 11. Create a user with programmatic access. In the top search box, search for iam and then click on Users under Features in the drop-down list: 12. Next click Add users: 13. Now enter the username in the User name field and click Next: 14. Next set the permissions by selecting Attach policies directly, searching for your custom s3 policy in the search box, mark the checkbox next to your policy and then click Next 15. If you need to add tags add them now. If not, just click Create User 16. It should bring you back to the IAM > Users page, you may click on View user in the message or search for your newly created user in the search box and click on the User name listed: 17. You should now be seeing the user, under the summary section there are some tabs, click on Security credentials and scroll down the page to Access keys section. 18. In the Access keys section, click on Create access key button. 19. In the Access key best practices & alternatives page, select Other and Click Next. 20. If you need to add tags add them now. If not, just click Create access key. 21. Your access keys has now been created, copy them or save the csv file for use within the setup of Call Recordings Remote Storage. 22. You have now setup a bucket and access keys for use with call recordings remote storage. You will need the following details to continue with the setup of Call Recordings Remote Storage.
| |
|