Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Set Up Amazon S3 Bucket for Archiving Recordings

            Modified on Fri, Oct 27, 2023 at 10:32 AM

            This article explains how to set up an Amazon S3 bucket for archived call recording purposes, including creating an S3 bucket, creating the TeleVoIPs access user, and generating the access and secret access keys required to complete the AWS Archive Call Recording service.


            It is your responsibility to enroll with Amazon’s Web Services (AWS).
            Go to: https://aws.amazon.com/console/


            Please follow the instructions lower in this article to create and set up your AWS account. Once completed, you will have the required information to complete the Remote Storage Configuration.


            1. Bucket Name
            2. Access Key ID for Remote Storage user
            3. Secret Access Key for Remote Storage user


            Once set up and activated, your archived call recording files will be transferred to AWS and segregated into directory folders by domain and date. 


            • Each recording will be named using the SIP Call-ID of the recorded call. Each folder with recordings also contains an index file containing the ANI, DNIS, Call Time, Duration, and Call ID for easier searchability. 
            • You may browse and download call recordings using the Amazon S3 web interface or a 3rd party FTP client such as CyberDuck.


            Any call recordings stored in AWS will still be available from the PBX portals (for 6 months). This means that your end-users will be able to access the recordings as usual. They simply need to click on a recorded call, and the system will fetch the file from Amazon and play it.


            Creating an S3 Bucket

            1. Log in to the AWS console and select the S3 service (this can be done by searching 'S3' at the top of the page and select the 'S3' option). After selecting S3, click the 'Create Bucket' button found on the right side of the page.
            2. On the next page, enter a name for the bucket you wish to create and select a region (if unsure, just select the region closest to you). Please remember the bucket name must be globally unique and there are also some other character limitations for the bucket name.

              Bucket Name Example: companyname-recordings

            3. After choosing a name and region, scroll down the page, (you won't need to change the default settings) and click 'Create Bucket' at the bottom of the page. If there are any errors, you will be notified to correct them before you can proceed.

              1. Bucket Creation default settings: 'ACLs disabled' is selected, 'Block all public access' is enabled/checked, 'Bucket versioning' is set to disable, 'Encryption key type' is set to 'Amazon S3 managed keys (SSE-S3)', and 'Bucket Key' set to enable, and under Advanced Settings, 'Object Lock' is set to Disable.

              2. Using these default settings the recording will be kept forever. You will need to configure your own lifespan/retention settings on the bucket if you need this changed.


            Creating an IAM User For Remote Storage Bucket Access

            1. After you have completed the steps above to create a recordings bucket, use the search bar at the top of the page to search 'iam' and select the Identity and Access Management 'IAM' service option.


            2. Select Users from the left menu and click the Create User button further on the right side of the page.



            3. Next, enter a user name for TeleVoIPs Remote Storage access and leave the optional setting underneath unchecked before clicking the 'Next' button found at the bottom right side of the screen.
            4. On the 'Set permissions' page, please be sure to change the option to 'Attach policies directly' before selecting 'Create Policy.' Selecting this option will open a new tab (you may need to allow pop-ups for this to work properly).

              Note: Please keep the initial "IAM > Users > Create user" page tab open as it will be helpful in the final steps.

            5. Next, under the 'Specify permissions' page, and under 'Select a Service' category, select the 'S3' service from the options below (you can also search 'S3'). Once selected, please be sure to change the policy editor to 'JSON', which is found on the right side of this page.

            6. Next, copy the text in the box below within this guide and paste it into a text editor so you can replace the example bucket name "companyname-recordings " with the recordings bucket name you created previously. To avoid confusion, we have bolded the portion of the text you will need to change, and you won't need to edit any other portion.


              IAM Policy Below (Replace bolded text name with the bucket name you created)

              {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListStorageLensConfigurations",
                "s3:ListAccessPointsForObjectLambda",
                "s3:GetAccessPoint",
                "s3:PutAccountPublicAccessBlock",
                "s3:GetAccountPublicAccessBlock",
                "s3:ListAllMyBuckets",
                "s3:ListAccessPoints",
                "s3:PutAccessPointPublicAccessBlock",
                "s3:ListJobs",
                "s3:PutStorageLensConfiguration",
                "s3:ListMultiRegionAccessPoints",
                "s3:CreateJob"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::companyname-recordings/*"
        }
    ]
}
            7. Once you have edited the text seen above to update the bucket name entry, copy the edited text and then go back to the AWS Policy editor page (pictured in step 5) and replace the existing text with the text you just edited. Once completed, click the 'Next' button at the bottom right side of the page.
            8. On the following page, enter a policy name and enter a policy description. Once complete, click the 'Create Policy' button found at the bottom right side of the page.

            9. Return to the "IAM > Users > Create user" tab that should still be open in your browser (this tab is mentioned in step 4 earlier in this process) and be sure to refresh the page to ensure the new policy can be found. Locate the policy you just created by either scrolling down or searching, and ensure there is a blue checkmark next to the policy before clicking 'Next.'
            10. On the following page, click the 'Create User' button found on the bottom right side of the page and then select the user name you created from the list on the next page.
            11. After selecting the user you created, go into the 'Security credentials' tab at the top of the page, scroll down to the 'Access Keys' section of this page, and select the 'Create access key' button.

            12. On the following page, select the option for 'Application running outside AWS' and then click the 'Next' button at the bottom right side of the page and click 'Create access key' on the following page.

            13. Lastly, you will be provided the Access key and Secret access key, which will need to be recorded and used to complete the Remote Storage Configuration.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0