Storage Location

Where does Birdie keep the data?

Should you wish to use a specific server location or your own S3 bucket for storage, feel free to reach out to us at support@birdie.so at any time.

Locations

Birdie offers two regions for storing your recordings:

Europe (Paris)
North America (US-Ohio)

How secure and reliable is Birdie infrastructure?

Birdie uses Amazon Web Services (AWS) for secure and resilient hosting of staging and production environments. Because Birdie runs within and depends on our Cloud Infrastructure, data protection and security assurances are essential and provide the foundational elements for supporting industry compliance and robust policy controls. By having our application workloads in a secure, industry-certified environment, our infrastructure provides a higher level of security at scale, while providing worldwide service delivery and industry-leading reliability.

The IT infrastructure that AWS provides is designed and managed in alignment with security best practices, including the following IT security standards:

SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70)
SOC 2
SOC 3
FISMA, DIACAP, and FedRAMP
DOD CSM Levels 1-5
PCI DSS Level 1
ISO 9001 / ISO 27001
ITAR
FIPS 140-2
MTCS Level 3

AWS data centers are monitored by 24×7 security, biometric scanning, video surveillance and are continuously certified across a variety of global security and compliance frameworks.

Storage in your own AWS S3 bucket

You can configure Birdie to store recordings in an Amazon S3 bucket you own. In this configuration, Birdie does not store the recordings on its own servers ; recordings are written into the specified bucket.

In this guide, we'll go through how to configure S3 storage for recordings.

Once you've set up your AWS Account with the specified S3 bucket and IAM Role, please send the details to support@birdie.so, and our team will configure Birdie for you.

S3 bucket configuration requirements

The target S3 bucket to which you want recordings to be stored can be in any AWS region. Create a new bucket that will be dedicated to Birdie as we don't support s3 storage into a sub-directory, and let default values unless you need to change something specifically.

Sign in to the AWS Management Console.
Navigate to the S3 service.
Select the AWS Region where you want the bucket to be created: you must select one of the supported regions listed in the following table.
Click "Create bucket".
Enter a unique bucket name (e.g., birdie-screen-recordings).
Configure any additional settings as required (e.g., versioning, encryption).
Set the bucket permission to « Block public access »
Click "Create bucket".

Once created add these Cors Settings to you bucket in order to allow uploads to your bucket:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT",
            "POST",
            "DELETE",
            "HEAD"
        ],
        "AllowedOrigins": [
            "https://*.birdie.so"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

Edit your Bucket policy and add this, replacing birdie-screen-recordings by the name of your bucket:

{
    "Version": "2012-10-17",
    "Id": "BirdiePolicy",
    "Statement": [
        {
            "Sid": "BirdiePolicy",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::797105367277:root"
            },
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::birdie-screen-recordings/*"
        }
    ]
}

Once created please send the Region and Bucket Name to Birdie.

Creating an IAM role with appropriate permissions

AWS Identity and Access Management (IAM) is used to control access to various AWS resources, including S3 buckets. To allow Birdie to store recordings into your designated bucket, Birdie's account needs sufficient access to your bucket.

Navigate to the IAM service in the AWS Management Console.
Click "Roles" and then "Create role".
Select « AWS Accounts » ans « Another AWS account »
Enter Birdie's AWS account ID: 797105367277
Click "Next: Permissions".
Attach the following policy: AmazonS3FullAccess
Click "Next: Tags" and add any tags if needed.
Click "Next: Review".
Enter a role name (e.g., Birdie-S3-Access-Role).

Click "Create role". Verify that your Trust Policy look like this:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::797105367277:root"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

Once created send to Birdie the new role ARN that can be found on the main role page. If you’re hesitating, here is a random example of ARN: arn:aws:iam::987654321098:role/my-role

Put together you should provide Birdie with 3 informations:

AWS Role ARN: The unique IAM Role ARN, that will be dedicated for Birdie.
Bucket Name: The name of your Amazon S3 bucket.
Region: The AWS region where your S3 bucket resides, such as us-east-1

Conclusion

We hope this guide was helpful in showing you how to store your recordings in your own S3 bucket. If you have any questions or run into any issues with the setup, please contact us at support@birdie.so.

PreviousHubspot NextHide sensitive data

Last updated 5 months ago