How to Store VideoSDK Cloud Recordings Securely on AWS S3

Source: Dev.to

Why a Dedicated IAM User Is Required

For security best practices, VideoSDK should never use your AWS root account. Instead, create a dedicated IAM user with restricted permissions so it can:

• Upload video recordings
• Read or delete recordings if required
• Access only one specific S3 bucket

Benefits

• Least‑privilege security
• Easy credential rotation
• Reduced blast radius

Step 1: Create an IAM User for VideoSDK

1. Log in to the AWS Console.
2. Navigate to Services → Security, Identity & Compliance → IAM.
3. Click Users → Create user.

User Details

• User name: videosdk-storage
• Access type: Programmatic access (Console access not required)

Click Next to continue.

Step 2: Create a Custom S3 Policy

To restrict access to only the required bucket and actions, create a custom IAM policy.

1. On the permissions page, select Attach policies directly.
2. Click Create policy and switch to the JSON tab.
3. Paste the following policy (replace YOUR-BUCKET-NAME with your actual bucket name):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME"
    }
  ]
}

Replace Bucket Name

arn:aws:s3:::my-video-recordings/*

4. Save the policy with:
   • Name: VideoSDK-S3-Access
   • Description: S3 access for VideoSDK recordings

Click Create policy.

Step 3: Attach the Policy to the IAM User

1. Return to the IAM user creation screen and refresh the policy list.
2. Search for VideoSDK-S3-Access and select it.
3. Click Next → Create user.

Your IAM user is now correctly permissioned.

Step 4: Generate AWS Access Keys

1. Open the user videosdk-storage.
2. Go to the Security credentials tab.
3. Click Create access key, select Third‑party service, and confirm.

Save These Credentials

• Access Key ID
• Secret Access Key (shown only once)

Download the .csv file for backup.

Step 5: Create an S3 Bucket (If Needed)

1. Go to Services → S3.
2. Click Create bucket.

Bucket Configuration

• Bucket name: your-videosdk-recordings (must be globally unique)
• Region: Choose and remember the region
• Block all public access: Enabled

Click Create bucket.

Step 6: Configure AWS S3 in VideoSDK Dashboard

VideoSDK Live supports cloud recording with direct S3 upload.

1. Open the VideoSDK Dashboard.
2. Go to API Keys and select your project.
3. Scroll to Storage Configuration and add your AWS S3 details:

{
  "bucket": "your-recordings-bucket",
  "region": "us-east-1",
  "accessKeyId": "YOUR_ACCESS_KEY",
  "secretAccessKey": "YOUR_SECRET_KEY",
  "acl": "private"
}

Field Explanation

• bucket – Your S3 bucket name
• region – Bucket region
• accessKeyId – IAM access key
• secretAccessKey – IAM secret key
• acl – Use private (recommended)

Save the configuration.