aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

docs: Session Recording Requirements for Workers (#3414)

Browse Source 
* docs: Session Recording Requirements for Workers

Clarify the requirements for Boundary workers used for session recording
pull/3435/head
Elim Tsiagbey 3 years ago committed by GitHub
parent fd3091d8dc
commit b10a93d0e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 25 additions and 4 deletions
Show Stats Download Patch File Download Diff File

29
website/content/docs/configuration/session-recording/create-storage-bucket.mdx
Unescape View File

@ -19,14 +19,17 @@ Any storage buckets associated with an Org scope are deleted when the Org itself
For more information about using session recording to audit user sessions, refer to [Auditing](/boundary/docs/concepts/auditing).
**Requirements**:
## Requirements
Before you can create a storage bucket, you must ensure that your environment meets certain requirements.
Session recording requires specific configuration for both the AWS S3 storage bucket and the Boundary worker.
### AWS requirements
- An AWS S3 storage bucket
At this time, the only supported storage for storage buckets is AWS S3.
In AWS S3, a storage bucket contains the bucket name, region, and optional prefix, as well as any credentials needed to access the bucket, such as the access and secret key.
- A Boundary PKI worker with access to the AWS S3 storage bucket
This worker must be configured with a local recording storage path, defined as `recording_storage_path`. For more details, refer to [PKI workers](/boundary/docs/configuration/worker/pki-worker#session-recording-hcp-ent).
- An AWS IAM role policy with the following statement:
```json
{
@ -54,6 +57,24 @@ For more information about using session recording to audit user sessions, refer
}
```
### Boundary workers requirements
[Session recording](/boundary/docs/configuration/session-recording) requires at least one PKI worker that:
- Has access to the AWS S3 storage bucket
- Has an accessible directory defined by `recording_storage_path` for storing session recordings while they are in progress. On session closure, Boundary moves the local session recording to remote storage and deletes the local copy. For more details, refer to [PKI workers](/boundary/docs/configuration/worker/pki-worker#session-recording-hcp-ent).
- Has at least 1 MB of available disk space.
- Runs Darwin, Windows, or Linux. The following binaries are not supported for session recording: NetBSD, OpenBSD, Solaris.
Development example:
```hcl
worker {
auth_storage_path="/boundary/demo-worker-1"
initial_upstreams = ["10.0.0.1"]
recording_storage_path="/local/storage/directory"
}
```
Complete the following steps to create a storage bucket for session recording:
<Tabs>

Write Preview
Loading…
Cancel
Save