We'll cover some basics of the S3 Sync Service we provide as part of SmartUpgrade's EXPERT-MODE menu system. This service will allow you to sync a copy of your Call Recordings, VoiceMail boxes, and even other custom directories to an AWS S3 Bucket. An AWS S3 Bucket is a container that can grow to unlimited size and can be priced cheaper than EC2 Volume storage. This provides an convenient unlimited archive to meet legal retention requirements for your business while also allowing you to keep your AWS FreePBX instance tidy by using our Auto File Deletion Service to remove old files after they have been synced to your S3 Bucket. Because S3 Sync needs full access to the AWS S3 Service to manage buckets and files, you will need an Access Key ID and Secret Access Key for your AWS account. This is NOT the same as the .pem/.ppk keyfile you use to connect via SSH; these keys are used to manage and access your AWS account and services directly. You can create/manage your AWS Access Keys here: https://console.aws.amazon.com/iam/home?#/users On this page, you will click Add User. Enter a Username like "S3_Sync" (this is for your reference only) and choose the Programmatic Access option. Then select the Attach Existing Policies Directly tab and search for the AmazonS3FullAccess permission. Once you click the Create User button on the last page, you MUST save the Access Key ID and Secret Access Key (click the 'show' link) for use during the S3 Sync setup. You can also download this information in csv format for your records. EITHER WAY, YOU MUST BE CERTAIN TO SAFEGUARD THIS INFORMATION AS IT GRANTS FULL ACCESS TO YOUR AWS S3 BUCKETS AND WOULD BE VERY DANGEROUS IN THE WRONG HANDS!!! If this information does become compromised in the future, you can return to this page, delete the user, create a new one, and reconfigure S3 Sync with the new keys.


IMPORTANT: We strongly recommend that you ensure your S3 Bucket has the "Remove public access granted through public ACLs" option set via the AWS S3 Console so that your files are never accidentally made public, even in cases of user error or bugs in the s3cmd utility. Think of this as a 'master override' for denying Public access to a bucket and all files contained in it. We recommend against using the other "Block..." options here, especially the "...cross-account access..." option, on S3 Sync Buckets, otherwise an error or bug in s3cmd could result in files not syncing properly.