Storage Location

Where does Birdie keep the data?

Should you wish to use a specific server location or your own S3 bucket for storage, feel free to reach out to us at [email protected] at any time.

Locations

Birdie offers two regions for storing your recordings:

  • Europe (Paris)

  • North America (US-Ohio)

Change your data storage location
How secure and reliable is Birdie infrastructure?

Birdie uses Amazon Web Services (AWS) for secure and resilient hosting of staging and production environments. Because Birdie runs within and depends on our Cloud Infrastructure, data protection and security assurances are essential and provide the foundational elements for supporting industry compliance and robust policy controls. By having our application workloads in a secure, industry-certified environment, our infrastructure provides a higher level of security at scale, while providing worldwide service delivery and industry-leading reliability.

The IT infrastructure that AWS provides is designed and managed in alignment with security best practices, including the following IT security standards:

  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)

  • SOC 2

  • SOC 3

  • FISMA, DIACAP, and FedRAMP

  • DOD CSM Levels 1-5

  • PCI DSS Level 1

  • ISO 9001 / ISO 27001

  • ITAR

  • FIPS 140-2

  • MTCS Level 3

AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are continuously certified across a variety of global security and compliance frameworks.

Storage in your own AWS S3 bucket

You can configure Birdie to store recordings in an Amazon S3 bucket you own. In this configuration, Birdie does not store the recordings on its own servers ; recordings are written into the specified bucket.

In this guide, we'll go through how to configure S3 storage for recordings.

S3 bucket configuration requirements

The target S3 bucket to which you want recordings to be stored can be in any AWS region. Create a new bucket that will be dedicated to Birdie as we don't support s3 storage into a sub-directory, and let default values unless you need to change something specifically.

  1. Sign in to the AWS Management Console.

  2. Navigate to the S3 service.

  3. Select the AWS Region where you want the bucket to be created: you must select one of the supported regions listed in the following table.

  4. Click "Create bucket".

  5. Enter a unique bucket name (e.g., birdie-screen-recordings).

  6. Configure any additional settings as required (e.g., versioning, encryption).

  7. Set the bucket permission to « Block public access »

  8. Click "Create bucket".

  9. Once created add these Cors Settings to you bucket in order to allow uploads to your bucket:

    [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "GET",
                "PUT",
                "POST",
                "DELETE",
                "HEAD"
            ],
            "AllowedOrigins": [
                "https://*.birdie.so"
            ],
            "ExposeHeaders": [],
            "MaxAgeSeconds": 3000
        }
    ]
  10. Edit your Bucket policy and add this, replacing birdie-screen-recordings by the name of your bucket:

    {
        "Version": "2012-10-17",
        "Id": "BirdiePolicy",
        "Statement": [
            {
                "Sid": "BirdiePolicy",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::797105367277:root"
                },
                "Action": "s3:*",
                "Resource": "arn:aws:s3:::birdie-screen-recordings/*"
            }
        ]
    }
  11. Once created please send the Region and Bucket Name to Birdie.

Creating an IAM Policy with appropriate permissions

  1. Navigate to the IAM service in the AWS Management Console.

  2. Click on "Policies" in the left menu, then "Create Policy" button at the top right.

  3. Enable "JSON" tab in the policy editor that opened.

  4. Paste this policy, and make sure to replace into the 2 Resource entries "birdie-screen-recordings" with your own bucket name.

    {
    	"Statement": [
    		{
    			"Action": [
    				"s3:PutObjectAcl",
    				"s3:PutObject",
    				"s3:GetObjectVersion",
    				"s3:GetObjectAcl",
    				"s3:GetObject",
    				"s3:DeleteObjectVersion",
    				"s3:DeleteObject",
    				"s3:ListBucket",
    				"s3:GetBucketLocation"
    			],
    			"Effect": "Allow",
    			"Resource": [
    				"arn:aws:s3:::birdie-screen-recordings/*",
    				"arn:aws:s3:::birdie-screen-recordings"
    			],
    			"Sid": "PermissionSet1"
    		}
    	],
    	"Version": "2012-10-17"
    }
    
  5. Click the Next button at the bottom of the page.

  6. Give your Policy a name, for example "birdie-bucket-policy", then hit the Create policy button.

Creating an IAM Role with the Policy we just created

AWS Identity and Access Management (IAM) is used to control access to various AWS resources, including S3 buckets. To allow Birdie to store recordings into your designated bucket, Birdie's account needs sufficient access to your bucket.

  1. Navigate to the IAM service in the AWS Management Console.

  2. Click "Roles" in the left menu, and then "Create role".

  3. Select « AWS Accounts » and « Another AWS account »

  4. Enter Birdie's AWS account ID: 797105367277

  5. Click "Next: Permissions".

  6. Attach the policy we created at the previous step, in our example we would type "birdie-bucket-policy" in the search field to find our policy in the list. Once found, check the checkbox corresponding to our policy.

  7. Click "Next: Tags" and add any tags if needed.

  8. Click "Next: Review".

  9. Enter a role name (e.g., Birdie-S3-Access-Role).

  10. Click "Create role". Verify that your Trust Policy look like this:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::797105367277:root"
                },
                "Action": "sts:AssumeRole"
            }
        ]
    }
  11. Once created send to Birdie the new role ARN that can be found on the main role page. If you’re hesitating, here is a random example of ARN: arn:aws:iam::987654321098:role/my-role

Put together you should provide Birdie with 3 informations:

  • AWS Role ARN: The unique IAM Role ARN, that will be dedicated for Birdie.

  • Bucket Name: The name of your Amazon S3 bucket.

  • Region: The AWS region where your S3 bucket resides, such as us-east-1

Conclusion

We hope this guide was helpful in showing you how to store your recordings in your own S3 bucket. If you have any questions or run into any issues with the setup, please contact us at [email protected].

Last updated