From Bright Pattern Documentation
Jump to: navigation, search
• 5.19 • 5.8


How to Create and Configure an AWS S3 Bucket

Bright Pattern Contact Center supports automatic export of audio and screen recordings to Amazon Web Services (AWS) S3 for storage and playback. Storing recordings on S3 can provide cost savings to your organization, while still allowing you to listen to or view recordings via interaction records on the Bright Pattern Contact Center platform.

This article describes how to create an S3 bucket and configure it for integration with Bright Pattern Contact Center for storing call recordings and/or screen recordings.

Prerequisites

  • You must have an existing Amazon AWS account.
  • You must be an IAM user with administrator access to the account.

Configuration Procedure

Step 1: Create an S3 bucket in the US

If you already have an S3 bucket, you may skip creating a new bucket and simply edit the bucket’s properties to match the following description.

  1. Sign in to your AWS account and then go to the AWS Management Console.

  2. Search the Services for Storage > S3 to get to the Amazon S3 Buckets dashboard. Click Create bucket.

    Amazon S3 > Buckets dashboard


  3. Name the bucket and set the region.

    Create bucket > Name and region


  4. Configure options for the bucket.

    Create bucket > Configure options


  5. Enable the option to block public access.

    Create bucket > Set permissions


  6. Review and click Create bucket.

    Create bucket > Review


  7. Click into the bucket name and view its details. You have the option to add folders to the bucket in order to organize the bucket’s contents when exporting recordings into it later. This is not required.

    New bucket details


Step 2: Get User ARN

Search Amazon services for IAM, go to IAM Dashboard > Access management > Users, and copy an admin user’s User ARN. The User Amazon Resource Name (ARN) is the identifier of the user and you will need it for setting the S3 bucket’s policy later.

IAM > Users > User summary > User ARN



Step 3: Set permissions by editing Bucket Policy

  1. Go back to the Amazon S3 section and view your S3 bucket’s details. Click on the bucket’s Permissions tab and then click Bucket policy to bring up the Bucket policy editor.

    The bucket policy uses JSON-based access policy language to manage advanced permissions to your Amazon S3 resources.

    Click Permissions and then Bucket Policy


  2. Add the policy JSON by either clicking the Policy generator link at the bottom of the editor and completing the form, or copying and pasting the following sample policy JSON into the policy editor and editing the values for:
    1. <user_arn> - The Amazon Resource Name (ARN)/identifier of the admin user that you copied from the IAM Dashboard’s Users section.

    2. <bucket_arn> - The ARN/identifier of your bucket. You can find the bucket ARN either in Amazon S3 Dashboard > the S3 bucket’s properties (see example shown) or at the top of the bucket policy editor (see example shown).

      Amazon S3 Dashboard > the S3 bucket’s properties > Bucket ARN


      top of the bucket policy editor > Bucket ARN


Sample Policy (copy this):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListObjectsInBucket",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<user_arn>"
            },
            "Action": "s3:*",
            "Resource": "<bucket_arn>"
        },
        {
            "Sid": "AllObjectActions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "<user_arn>"
            },
            "Action": "s3:*",
            "Resource": "<bucket_arn>"
        }
    ]
}


For example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListObjectsInBucket",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::532998658301:user/christy.borden"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::brightpatternbucket"
        },
        {
            "Sid": "AllObjectActions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::532998658301:user/christy.borden"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::brightpatternbucket"
        }
    ]
}

Minimum bucket policy, in case you want to tighten things up:

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "Statement1",
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::[act_id]:user/[user_name]"
			},
			"Action": [
				"s3:ListBucket",
				"s3:PutObject",
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Resource": [
				"arn:aws:s3:::[bucket_name]/*",
				"arn:aws:s3:::[bucket_name"
			]
		}
	]
}

Specifically here is the list of bucket privileges that are not used (and can be denied, if needed):

  • "s3:GetBucketNotification",
  • "s3:GetBucketAcl",
  • "s3:GetBucketLocation",
  • "s3:GetBucketLogging",
  • "s3:GetBucketPolicy",
  • "s3:GetBucketOwnershipControls",
  • "s3:PutBucketNotification",
  • "s3:ListBucketMultipartUploads",
  • "s3:ListBucketVersions",
  • "s3:ListMultipartUploadParts",
  • "s3:GetAccelerateConfiguration",
  • "s3:GetBucketCORS",
  • "s3:GetBucketVersioning",
  • "s3:GetObjectAcl",
  • "s3:GetObjectAttributes",
  • "s3:GetObjectVersion",
  • "s3:GetAnalyticsConfiguration",
  • "s3:GetBucketObjectLockConfiguration",
  • "s3:GetBucketPolicyStatus",
  • "s3:GetBucketPublicAccessBlock",
  • "s3:GetBucketWebsite",
  • "s3:GetEncryptionConfiguration",
  • "s3:GetInventoryConfiguration",
  • "s3:GetMetricsConfiguration",
  • "s3:GetObjectVersionAcl",
  • "s3:GetObjectVersionAttributes",
  • "s3:GetObjectVersionForReplication",
  • "s3:GetReplicationConfiguration",
  • "s3:AbortMultipartUpload",
  • "s3:DeleteObjectVersion",
  • "s3:InitiateReplication",
  • "s3:PutBucketObjectLockConfiguration",
  • "s3:PutBucketVersioning",
  • "s3:PutEncryptionConfiguration",
  • "s3:PutObjectRetention",
  • "s3:ReplicateObject",
  • "s3:PutObjectVersionAcl",
  • "s3:PutObjectAcl"


3. After pasting the JSON, click Save. If any part of the policy is incorrect, you will not be able to save, and you will see an error message indicating that the policy is invalid. If all goes well, the policy will be saved and there will be no changes on the screen.

Completed bucket policy JSON



S3 Bucket configuration is now complete.


Next Steps