Xembly uses two different services to enable the storage and streaming of meeting recordings.
AWS S3 (for storing meeting video and audio recordings and meeting thumbnails)
AWS CloudFront distribution (for video-on-demand playback)
The following article explains how to configure your AWS environment and how to configure Xembly’s hybrid cloud solution.
Watch Out: Using Xembly’s hybrid cloud solution will shift the cost of storage and streaming of meeting recording content from Xembly to the customer. Please contact your customer support representative if you need guidance on cost expectations.
Setting up AWS S3
Xembly doesn’t require any unique settings for the S3 bucket. Still, we recommend the following:
Create a new bucket dedicated to Xembly so you can isolate access to only the information Xembly needs
Block all public access
Turn on server-side encryption
To create a new bucket:
Log into your AWS account and go to the S3 service. There is a button called
Create Bucket
.
Click
Create Bucket
to launch a new screenSelect the AWS region you’d like the bucket in
Give the bucket a name (we recommend something like YOUR-COMPANY-NAME-xembly-meeting-recordings). Different regions might incur different costs. Please read AWS pricing for more information.
Important: Please hold onto these two settings as you will need them to configure the hybrid cloud feature in the Xembly Admin dashboard.
Before creating the bucket per our recommendations, please ensure that Block all Public Access
is selected (this is the default setting) and Server-side encryption
is enabled. The default is that Server-side encryption is on using Amazon S3 managed keys, but you can also use your own keys using Amazon’s Key Management service.
Note: The default is that Server-side encryption is on using Amazon S3 managed keys, but you can also use your own keys using Amazon’s Key Management service. For details, scroll to Using AWS KMS at the bottom of our article on Setting up AWS CloudFront.
Setting up Access to the S3 Bucket via AWS IAM
Xembly recommends creating a special IAM user for accessing the S3 bucket. This is to follow the principle of least privilege and scope access to the minimal amount needed.
To create a user account:
Go to the IAM service in AWS
Click
Create User
Name the user (we recommend something like “xembly-hybrid-cloud-user”)
Click next until you get to the last screen
Click
Create User
.
After creating the user, you’ll want to:
Click on the
Policies
link in the left navigation menu. This is where we will set the policy for limiting the user's access to just the S3 bucket we created earlier and with limited actions.Click
Create Policy
from the Policies page
From the policies page
Click JSON as your method for creating the policy
Copy and paste the following JSON into the editable area
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectAttributes",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::BUCKET_NAME",
"arn:aws:s3:::BUCKET_NAME/*"
]
}
]
}
Make sure to change the S3 bucket name ( "arn:aws:s3:::BUCKET_NAME") to the name of the bucket you created previously
Click
next
Name the policy (we recommend “xembly-hybrid-cloud-policy”)
Click
Create Policy
Once you’ve created the policy
Go back to the Users page
Click on the user we created earlier
Click
Add Permissions
andAdd Permissions
again from the dropdownClick
Attach Policies Directly
Search for the policy we just created
Select that policy
Click
next
followed byCreate Permission
Now that we have created our user we’ll need to generate access keys for Xembly to access the S3 bucket.
Click on the
security tab
for the user we created
Click
Create Access Key
and selectOther
.
Continue clicking next until you’ve created your access key.
Important: Save these keys somewhere as you will need to enter them into the Xembly Admin dashboard.
Learn how to set up AWS CloudFront next.