When using VideoSDK Live for video conferencing or live streaming, cloud recording is a common requirement. VideoSDK supports direct upload of recorded videos to AWS S3, but to enable this securely, a specific AWS configuration is required.
This guide walks you through the complete AWS setup, from creating an IAM user with minimal permissions to configuring storage in the VideoSDK dashboard.
Why a Dedicated IAM User Is Required
For security best practices, VideoSDK should never use your AWS root account. Instead, create a dedicated IAM user with restricted permissions so it can:
- Upload video recordings
- Read or delete recordings if required
- Access only one specific S3 bucket
Benefits
- Least-privilege security
- Easy credential rotation
- Reduced blast radius
Step 1: Create an IAM User for VideoSDK
- Log in to the AWS Console
- Navigate to Services → Security, Identity & Compliance → IAM
- Click Users → Create user
User Details
-
User name:
videosdk-storage -
Access type:
- Programmatic access
- Console access (not required)
Click Next
Step 2: Create a Custom S3 Policy
To restrict access to only the required bucket and actions, create a custom IAM policy.
-
On the permissions page:
- Select Attach policies directly
- Click Create policy
Switch to the JSON tab and paste the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:PutObjectAcl",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"
},
{
"Effect": "Allow",
"Action": ["s3:ListBucket"],
"Resource": "arn:aws:s3:::YOUR-BUCKET-NAME"
}
]
}
Replace Bucket Name
Replace YOUR-BUCKET-NAME with your actual S3 bucket name.
Example:
arn:aws:s3:::my-video-recordings/*
Save the Policy
- Name: VideoSDK-S3-Access
- Description: S3 access for VideoSDK recordings
Click Create policy
Step 3: Attach the Policy to the IAM User
This step ensures the IAM user actually has permission to access your S3 bucket.
- Return to the IAM user creation screen
- Refresh the policy list
- Search for VideoSDK-S3-Access
- Select the policy
- Click Next → Create user
Your IAM user is now correctly permissioned.
Step 4: Generate AWS Access Keys
After the user is created:
- Open the user: videosdk-storage
- Go to the Security credentials tab
- Click Create access key
- Select Third-party service
- Confirm and continue
Save These Credentials
- Access Key ID
- Secret Access Key
⚠️ The secret key will be shown only once.
Download the .csv file for backup.
Step 5: Create an S3 Bucket (If Needed)
If you don’t already have an S3 bucket:
- Go to Services → S3
- Click Create bucket
Bucket Configuration
-
Bucket name:
your-videosdk-recordings(must be globally unique) - Region: Choose and remember this
- Block all public access: Enabled
Click Create bucket
Step 6: Configure AWS S3 in VideoSDK Dashboard
VideoSDK Live supports cloud recording with direct S3 upload.
Configuration Steps
- Open VideoSDK Dashboard
- Go to API Keys
- Select your project
- Scroll to Storage Configuration
- Add your AWS S3 details:
{
"bucket": "your-recordings-bucket",
"region": "us-east-1",
"accessKeyId": "YOUR_ACCESS_KEY",
"secretAccessKey": "YOUR_SECRET_KEY",
"acl": "private"
}
Field Explanation
- bucket – Your S3 bucket name
- region – Bucket region
- accessKeyId – IAM access key
- secretAccessKey – IAM secret key
- acl – Use private (recommended)
Save the configuration.
Top comments (0)