
Prerequisites

Create a bucket for audio files

An S3 bucket must be created as a storage target for the audio files.

Why can't audio files and database backups share the same bucket?

Database backups should be stored using the WORM (write-once-read-many) model to prevent corruption or tampering, whereas audio files will need to be periodically modified or removed depending on the retention policies. To support WORM storage, S3 Object Lock has to be enabled. Because Object Lock is defined at the bucket level, the two kinds of data require separate buckets.

More information about S3 Object Lock can be found at the following link. https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html

From the Amazon S3 console at https://console.aws.amazon.com/s3/:

  1. Choose Create bucket from the console top menu to create a new Amazon S3 bucket.

  2. On the Create bucket setup page, perform the following actions:

    1. For General configuration:

      1. Provide a unique name for the new bucket in the Bucket name box.

      2. From the AWS Region dropdown list, select the AWS cloud region where the new S3 bucket will be created.

    2. For Block Public Access settings for bucket, select Block all public access to ensure that all public access to this bucket and its objects is blocked.

    3. (Optional) For Tags, use the Add tag button to create and apply user-defined tags to the S3 bucket. You can track storage costs and other criteria by tagging your bucket.

    4. For Default encryption, select Enable under Server-side encryption, and choose one of the encryption key types available. If you don't know what to choose, then choose Amazon S3-managed keys (SSE-S3).

  3. Choose Create bucket to create your new Amazon S3 bucket.

Result

The S3 bucket will be created and displayed in the console.

S3 Bucket Displayed in Console

Create IAM policy for access to the audio bucket

An IAM policy has to be created and assigned to an IAM user so that objects can be added to the S3 bucket by that IAM user.

From the Amazon IAM console at https://console.aws.amazon.com/iam/:

  1. From the Policies menu, choose Create Policy to create a new IAM policy.

  2. Select the JSON tab, copy the following access policy, and paste it into the JSON field. Do not forget to replace miarec-audio-storage with your bucket name!

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::miarec-audio-storage"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::miarec-audio-storage/*"
            ]
        }
    ]
}

  3. (Optional) Tags, use the Add tag button to create and apply user-defined tags to the resource. You can track cost and other criteria by tagging your resource.

  4. Review policy, choose a descriptive name and description for the policy and click the Create policy button.

Result

The policy will be created and ready to be assigned.

Policy Ready To Be Assigned
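
A pre-flight check for the policy above, as an added example that is not part of the original guide: it flags a leftover miarec-audio-storage placeholder, wildcard grants, and actions attached to the wrong ARN form (s3:ListBucket applies to the bucket ARN, the object actions to bucket/*). The function names and the bucket name acme-call-audio are hypothetical.

```python
import json

PLACEHOLDER = "miarec-audio-storage"  # bucket name in the page's sample policy
BUCKET_ACTIONS = {"s3:ListBucket"}  # must target the bucket ARN
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject"}  # must target bucket/*

def page_policy(bucket):
    """Render the page's policy for a given bucket name."""
    arn = f"arn:aws:s3:::{bucket}"
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [arn]},
        {"Effect": "Allow", "Action": sorted(OBJECT_ACTIONS), "Resource": [arn + "/*"]},
    ]}, indent=4)

def _as_list(value):
    """IAM accepts a single string or object where a list is expected."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy_json, bucket):
    """Return findings; an empty list means the policy matches the page's shape."""
    bucket_arn, object_arn = f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"
    findings, granted = [], set()
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = _as_list(stmt.get("Resource", []))
        for res in resources:
            if res in (bucket_arn, object_arn):
                continue
            if PLACEHOLDER in res:
                findings.append(f"placeholder bucket name left in {res}")
            else:
                findings.append(f"resource outside the audio bucket: {res}")
        for act in _as_list(stmt.get("Action", [])):
            if "*" in act:
                findings.append(f"wildcard action: {act}")
            elif act in BUCKET_ACTIONS and bucket_arn not in resources:
                findings.append(f"{act} must target {bucket_arn}")
            elif act in OBJECT_ACTIONS and object_arn not in resources:
                findings.append(f"{act} must target {object_arn}")
            elif act not in BUCKET_ACTIONS | OBJECT_ACTIONS:
                findings.append(f"action beyond what the page grants: {act}")
            else:
                granted.add(act)
    for missing in sorted((BUCKET_ACTIONS | OBJECT_ACTIONS) - granted):
        findings.append(f"not granted on the right resource: {missing}")
    return findings

if __name__ == "__main__":
    print(audit_policy(page_policy(PLACEHOLDER), "acme-call-audio"))  # constructed bucket name
```

Run it against the JSON you are about to paste into the IAM console; an empty list means the policy grants exactly the four actions above on your bucket and nothing else.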

Create IAM User for audio bucket

An IAM user has to be created that can be used to relocate audio files from MiaRec to S3 storage. We recommend using a separate user account rather than granting the same user access to both database backup and audio file buckets.

From the Amazon IAM console at https://console.aws.amazon.com/iam/:

  1. From the Users menu, choose Add User to create a new IAM User.

  2. Details, choose User name and enable Programmatic access.

  3. Permissions, select Attach existing policies directly and then select the previously created policy from the list. Use the search box to find the policy by name.

  4. (Optional) Tags, use the Add tag button to create and apply user-defined tags to the resource.

  5. Review, confirm the settings and click Create user.

  6. On the Complete screen, copy the Access Key ID and Secret access key and store them in a secure place. These will be used later to configure a Storage target in the MiaRec application.

Access Key ID

Result

The user will be added, and the access key ID and secret access key will be available for accessing the S3 bucket.

IAM User Ready