Configure an S3-compliant storage provider
This feature requires HCP Boundary or Boundary Enterprise
The MinIO plugin lets you configure S3-compliant storage providers for session recording.
HashiCorp has tested and confirmed that you can configure the following S3-compliant storage products for session recording using the MinIO plugin:
You can also configure other providers' S3-compliant storage products for session recording storage. We will update the list of providers as we test them.
Requirements
Before you can create a storage bucket in Boundary, you must ensure that your environment meets certain requirements.
Session recording requires specific configuration for both the external storage provider and the Boundary worker.
Refer to Configure workers for session recording to learn about configuring self-managed workers for session recording.
When you determine storage requirements for the external bucket, you should consider:
S3-compliant storage provider requirements
A storage bucket
You must associate the Boundary storage bucket with a third-party storage bucket. A third-party storage bucket contains the bucket name, endpoint URL, optional region, optional prefix, and the service account credentials needed to access the bucket.
A service account and access keys for the storage provider
You must provide service account access keys when you configure a Boundary storage bucket later on.
Refer to your storage provider's documentation to learn how to set up a service account.
The storage bucket must be configured with R/W access. If you use a restricted IAM user policy, the following policy actions must be allowed at a minimum.
{ "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutObject", "s3:GetObject", "s3:GetObjectAttributes", "s3:DeleteObject" ], "Effect": "Allow", "Resource": "arn:aws:s3:::test-session-recording-bucket/*" }, { "Action": "s3:ListBucket", "Effect": "Allow", "Resource": "arn:aws:s3:::test-session-recording-bucket" } ] }
Hitachi Content Platform configuration
HashiCorp has tested and confirmed that you can configure the Hitachi Content Platform for external session recording storage using the MinIO plugin. It is included as an example in this topic. You should be able to configure other S3-compliant storage providers to work for session recording storage as well, but we have not tested other providers.
You must have an account with Hitachi Content Platform to create storage buckets. You can sign up for an account at the following URL:
https://trycontent.hitachivantara.com
When you sign up for an account, Hitachi sends you the details you need to connect to the instance including the endpoint, S3 access key ID, and S3 secret key. Log in to Hitachi's S3 console to create a storage bucket, and make a note of the bucket's name.
In Boundary, set the following environment variables using your Hitachi credentials and the name of the bucket:
export BUCKET_NAME=<YOUR_HITACHI_BUCKET_NAME>
export STORAGE_ACCESS_KEY_ID=<YOUR_HITACHI_ACCESS_KEY_ID>
export STORAGE_SECRET_ACCESS_KEY=<YOUR_HITACHI_SECRET_KEY>
Note
Credential rotation is not supported for Hitachi Content Platform.
Resources
Refer to your S3-compliant storage provider's documentation for more information about configuring storage buckets and service accounts.
Next steps
After you configure the external storage provider, you can create the storage bucket in Boundary.