Amazon S3

This page provides a guide to configuring an Amazon S3 service as a Storage Target in the Verba Recording System.

Amazon Simple Storage Service (Amazon S3) is storage for the Internet. You can use Amazon S3 to store and retrieve any amount of data at any time, from anywhere on the web. Amazon S3 stores data as objects within buckets.

Buckets are containers for objects. You can have one or more buckets. For each bucket, you can control access to it (who can create, delete, and list objects in the bucket), view access logs for it and its objects, and choose the geographical region where Amazon S3 will store the bucket and its contents.

WORM features are also supported, which allow placing a retention period or legal hold on the objects created by the system. Default retention is also supported.

Versioning is NOT supported and MUST be suspended BEFORE you start using the bucket. If upgrading, check that versioning is suspended BEFORE updating: older versions could tolerate it, but newer versions, which use multi-part upload, will FAIL to upload large files and will retry continually, significantly increasing storage consumption and therefore cost.

See KA41206 for how to correct problems that may have occurred if you had versioning enabled at any time.

For more information, see WORM and https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-overview.html.

For a general description of storage targets, please refer to Storage and export targets.

Please refer to the official guide to configure your service: http://docs.aws.amazon.com/AmazonS3/latest/gsg/GetStartedWithS3.html

Prerequisites

If you configure your storage target to use S3 Versioning, your S3 bucket must have the following permissions applied in the AWS Management Console before the VFC configuration takes place:

  • s3:ListBucketVersions

  • s3:GetObjectVersion

Creating an Amazon S3 target

Follow the steps below to create a new Verba Storage target for Amazon S3:

Step 1 - Open the Verba Web interface then select Data / Storage Targets from the top menu.

Step 2 - Click on Add New Storage Target

Step 3 - Fill in the configuration form according to the requirements in the following table.

Configuration item

Description

Required

Name

Name your storage target. This name will identify this target across the system.

Mandatory

Type

Select Amazon S3

Mandatory

Bucket

The name of your Bucket in Amazon S3

Bucket Naming

Bucket names must contain only lowercase letters, numbers, periods (.) and dashes (-).

Do not specify folders or subfolders. The system does NOT support subfolders; only the root folder of the bucket is supported.

Mandatory

Region

Region-specific endpoints that Amazon S3 supports.

For more information, see http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region

Mandatory

Enable Object Lock and Legal Hold

Select the checkbox if the Object Lock feature will be used for retention and legal hold.

 

Object Lock mode

To use the Object Lock feature of Amazon S3 for retention and Legal Hold, it must first be configured in the bucket's settings on the Amazon side. For more information, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock.html

There are two levels:

  • Governance: Users can't overwrite or delete an object version or alter its lock settings unless they have special permissions. In governance mode, you protect objects against being deleted by most users, but you can still grant some users permission to alter the retention settings or delete the object if necessary. You can also use governance mode to test retention-period settings before creating a compliance mode retention period.

  • Compliance: A protected object version can't be overwritten or deleted by any user, including the root user in your AWS account. When an object is locked in compliance mode, its retention mode can't be changed, and its retention period can't be shortened. Compliance mode helps ensure that an object version can't be overwritten or deleted for the duration of the retention period.

 

Addressing Mode

Specifies the addressing mode used for connecting to the Amazon S3 bucket.

For more information, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html

Virtual Hosted Style: Changes the HTTP Host header to include the bucket name.
For example: https://bucketname.s3.region.amazonaws.com/key-name

Path Style: Sets the bucket in the URL.
For example: https://s3.region.amazonaws.com/bucket-name/key-name

 

Access Key Id

Access Key Id of your Amazon S3

 

Secret Access Key

Secret Access Key of your Amazon S3

 

Use Legacy S3 Endpoint Format

Specifies whether the new or the old S3 endpoint format is used. The default setting is to not use the legacy format.

Current endpoints are specified in the format https://<bucketName>.s3.<region>.amazonaws.com, with a dot between the s3 and region values.

Legacy endpoints are specified in the format https://<bucketName>.s3-<region>.amazonaws.com, with a dash between the s3 and region values.

 

Step 4 - Click Save to save the settings
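
The Bucket, Addressing Mode and Use Legacy S3 Endpoint Format settings in the table above combine into one endpoint URL. The following Python is an added example, not part of the Verba product: it checks a bucket name against the naming rule above, builds the URL for each combination, and flags dotted bucket names, which fail TLS hostname verification in virtual hosted style because a wildcard certificate matches one DNS label only. The function names and the sample bucket, region and key are assumptions, as is applying the legacy format to path style.

```python
import re

# Page rule: only lowercase letters, numbers, periods and dashes; no folders.
_BUCKET_RE = re.compile(r"[a-z0-9.-]+")


def check_bucket_name(bucket):
    """Return a list of problems with a Bucket field value (empty list = OK)."""
    problems = []
    if "/" in bucket or "\\" in bucket:
        problems.append("folders are not supported; give the bucket name only")
    elif not _BUCKET_RE.fullmatch(bucket):
        problems.append("only lowercase letters, numbers, '.' and '-' are allowed")
    return problems


def s3_endpoint(bucket, region, key, virtual_hosted=True, legacy=False, https=True):
    """Build the object URL implied by the addressing mode and endpoint format."""
    problems = check_bucket_name(bucket)
    if problems:
        raise ValueError("; ".join(problems))
    scheme = "https" if https else "http"
    sep = "-" if legacy else "."  # legacy: s3-<region>, current: s3.<region>
    host = f"s3{sep}{region}.amazonaws.com"
    if virtual_hosted:
        return f"{scheme}://{bucket}.{host}/{key}"
    return f"{scheme}://{host}/{bucket}/{key}"


def tls_name_warning(bucket, virtual_hosted=True, https=True):
    """Flag a bucket name that breaks TLS hostname matching, else return None."""
    # A wildcard such as *.s3.<region>.amazonaws.com covers one DNS label, so a
    # dotted bucket name placed in the host name adds labels it does not match.
    if https and virtual_hosted and "." in bucket:
        return "dotted bucket name with virtual hosted style: use path style or rename"
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for name in ("verba-recordings", "verba.recordings", "Verba/Calls"):
        print(name, check_bucket_name(name), tls_name_warning(name))
    print(s3_endpoint("verba-recordings", "eu-west-1", "call-0001.wav"))
    print(s3_endpoint("verba-recordings", "eu-west-1", "call-0001.wav", legacy=True))
    print(s3_endpoint("verba.recordings", "eu-west-1", "call-0001.wav",
                      virtual_hosted=False))
```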

Forward proxy configuration

To configure a forward proxy for the Amazon S3 connections, follow the steps below:

In the Verba menu, navigate to System / Servers, select the appropriate server, then click on the Change Configuration tab.

On this tab, fill in the configuration under Storage Management / Storage Targets / Amazon S3. See the table below for reference.

Configuration item

Description

Forward Proxy Address

IP address or FQDN of the forward proxy. When defined, the system will connect through a forward proxy.

Forward Proxy Port

The port of the forward proxy

Forward Proxy Username

Username for basic authentication for the forward proxy server

Forward Proxy Password

Password for basic authentication for the forward proxy server

TLS connection configuration

By default, Verba uses the server certificate for the TLS connection. Its details can be found under the Server Certificate node in the server configuration.

When needed, a custom certificate can be used instead, and other connection properties can also be changed.

In the Verba menu, navigate to System / Verba Servers, select the appropriate server, then click on the Change Configuration tab.

On this tab, fill in the configuration under Storage Management / Storage Targets / Amazon S3. See the table below for reference.

Configuration item

Description

Use Https Protocol

Set to yes if a secure connection should be used.

Storage Class

Specifies what storage class should be used. Available options:

Standard

Reduced Redundancy

Reduced Redundancy Storage (RRS) is a new storage option within Amazon S3 that enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage. It provides a cost-effective, highly available solution for distributing or sharing content that is durably stored elsewhere, or for storing thumbnails, transcoded media, or other processed data that can be easily reproduced.

Connection Timeout (ms)

Defines the connection timeout value in milliseconds.

TLS Key password

Password for the certificate

TLS Key file

Path to the certificate Key file

TLS Certificate

Path to the certificate

TLS CA Certificate

Path to the CA certificate