-
Notifications
You must be signed in to change notification settings - Fork 1
Preparing Your AWS Account
This document will outline the necessary steps to prepare your AWS account for use with this sample application. Please refer to the repository README for further reading on preparing accounts and configuring the application.
This page will cover the following topics:
- Setting up an S3 bucket for Zoom Cloud Recordings
- Setting up an IAM policy that defines access to your Cloud Recording S3 bucket
- Setting up an IAM user with an Access Key ID and Secret Access Key, allowing programmatic access to AWS services
In the AWS region of your choice, create a General purpose S3 bucket, naming it anything of your choosing. For this page, we'll use videosdk-cloud-recording-uploads as our S3 bucket name.
Once the bucket has been created, fetch the virtual-hosted-style path of the bucket. Using the bucket name above, videosdk-cloud-recording-uploads, our fully-qualified virtual host path would be:
https://videosdk-cloud-recording-uploads.s3.us-west-2.amazonaws.com
Make note of the bucket URL, as it will be used in the future when configuring the sample application.
Under IAM > Policies > Create policy in the AWS console, create a new policy that will deny access to everything except s3:PutObject into the S3 bucket that was created previously. Using the S3 bucket name defined above, videosdk-cloud-recording-uploads, the policy JSON will look like:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "UploadUserDenyEverything",
"Effect": "Deny",
"NotAction": "*",
"Resource": "*"
},
{
"Sid": "UploadUserAllowPutObject",
"Effect": "Allow",
"Action": [
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::videosdk-cloud-recording-uploads/*"
]
}
]
}Tip
If you don't know the ARN of your S3 bucket, it can be fetched via the AWS Console by clicking on the bucket and navigating to the Properties tab, identifying the contents listed under "Amazon Resource Name (ARN)."
Under IAM > Users > Create user in the AWS console, create a new user that has the attached permission policy defined previously. When the user has been created, create an access key for the user, taking note of the Access Key ID and Secret Access Key, as those credentials will be used in this sample application to access AWS resources in a future section.
Before leaving this page, ensure you have the following pieces of information on a notepad for future configuration in this sample application.
- The fully-qualified URL of the S3 bucket that was created
- The Access Key ID and Secret Access Key of the IAM user that will upload Cloud Recordings