To use Amazon Web Services (AWS) as your Storage Service, you'll need to provide the following information when creating your Storage Service Resource:
- Access Key
- Secret Key
- Bucket Name
Let's review how to configure your AWS account so that you grant OnSIP only the permissions it needs to store recordings.
- First, let's sign in to the AWS Console and use the AWS Simple Storage Service (S3) to create a Bucket that will be used to store your recordings. The bucket name must be unique across all S3 accounts, so something like "onsip" is too generic. Be sure to choose the US region closest to you. Do not use a "/" in the bucket name, as it is not supported by Amazon and will break uploads. Use the default settings for users and permissions.
- Next, use the AWS Identity and Access Management Service (IAM) to create a user whose security credentials can be shared with OnSIP. The IAM Service is provided for free to every AWS account. From the Console, select "services" and then "IAM", then select "users" and click on the "Add User" button. Name the user "OnSIPRecording" and choose "Programmatic access".
- Create an Access Key for the new user. Note: For security reasons, the secret key will only be viewable in the AWS Console at the time the Access Key is created. We recommend you copy and paste it into the Storage Service creation form in the OnSIP Admin Portal now.
- Create a security policy using the IAM Service that permits OnSIP to read the location of your bucket (s3:GetBucketLocation) and to save new files in it (s3:PutObject). Choose "Policies" and click on "Create Policy". Choose "Create your own Policy". Name this policy "OnSIPRecording" and copy and paste the following example. Be sure to change the bucket name to your unique bucket name:
- From the "User Detail" Screen, attach the security policy to the user.
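
A policy document granting exactly the two permissions named in the policy step above, written here as an added example rather than OnSIP's own policy text. `EXAMPLE-BUCKET-NAME` is a placeholder for your bucket name, and the `Sid` labels are illustrative.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadBucketLocation",
      "Effect": "Allow",
      "Action": "s3:GetBucketLocation",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME"
    },
    {
      "Sid": "WriteRecordings",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*"
    }
  ]
}
```

s3:GetBucketLocation applies to the bucket itself, so its resource is the bucket ARN, while s3:PutObject applies to objects, so its resource ends in `/*`. Because the policy grants no list, get or delete actions, the shared access key cannot be used to browse, download or remove recordings.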