To use Amazon Web Services (AWS) as your Storage Service, you'll need to provide the following information when creating your Storage Service Resource:
- Access Key
- Secret Key
- Bucket Name
Let's review how to properly configure your AWS account so that you'll only grant OnSIP the necessary permissions to store recordings.
- First, let's sign in to the AWS Console and use the AWS Simple Storage Service (S3) to create a Bucket that will be used to store your recordings. The bucket name must be unique across all S3 accounts, so something like "onsip" is too generic. Be sure to choose the US region closest to you. Do not use a "/" in the bucket name, as it is not supported by Amazon and will break uploads. Use the default settings for users and permissions.
- Next, use the AWS Identity and Access Management Service (IAM) to create a user whose security credentials can be shared with OnSIP. The IAM Service is provided for free to every AWS account. From the Console, select "services" and then "IAM", then select "users" > "create new user" and follow AWS's instructions for adding a user.
- Create an Access Key for the new user. Note: For security reasons, the secret key will only be viewable in the AWS Console at the time the Access Key is created. We recommend you copy and paste it into the Storage Service creation form in the OnSIP Admin Portal now.
- Create a security policy using the IAM Service that permits OnSIP to read the location of your bucket (s3:GetBucketLocation) and to save new files in it (s3:PutObject). This is an example of such a policy:
- From the "User Detail" Screen, attach the security policy to the user.