For CareAR Assist customers wishing to use the session recording feature, they will be required to have an AWS S3 account. Any recordings made by a host within the customer’s tenant will be written to their AWS S3 bucket and stored outside of the CareAR product infrastructure.
To enable the Recording option, the Tenant Admin will need to create AWS S3 bucket and then add S3 bucket access data to the CareAR Admin Portal ‘Amazon video recording controls’ section. Session recordings will then be automatically uploaded to the tenant’s AWS S3 bucket by using the provided credentials (Access Key, Secret Key and other AWS account data described below).
CareAR Tenant Configuration
If your tenant has recording functionality available the tenant administrator will be able to see the below configuration options to set up recording after logging into: https://carear.app/#/admin
Once Amazon Access Key ID, Amazon Secret Access Key, Amazon S3 bucket name, Bucket Region, and Enable Video Recording (checked) is saved your end users will be able to record their sessions to the configured S3 bucket. Optionally you may enable Playback in Portal for users to view their recordings from within their Session Activity. This additional optional configuration can be setup using the instructions here after this article: Enabling AWS Recording Session Playback.
Amazon S3 Configuration
The tenant admin must perform the following steps to make the session recording feature available within the tenant’s organization:
- Register for an Amazon S3 account.
- Create the Amazon S3 bucket.
- Create a Policy.
- Create an IAM user.
- Access to the Recording file.
With the information from steps 2-4, the tenant admin will be able to populate their tenant with the details from their AWS S3 account necessary to record sessions.
Register for an AWS S3 Account
Before you can obtain CareAR Session recordings, you first need to obtain an AWS S3 account. (Note the values credentials, names, and regions seen in the below examples are for demo purposes)
- Sign up on AWS Services Portal using email
- Choose “Get started with Amazon S3“
- Add payment information.
Create Amazon S3 bucket
- Go to Amazon S3 Management Console
- In the search bar, lookup and select 'S3'
- Click on 'Create Bucket'
- Specify bucket name (this should be unique Amazon S3-wide ) and bucket region. Choose the region closest to you. Then copy and paste the bucket name and region to the CareAR Web Portal. Make sure you have enabled recording feature by checking 'Enable video recording' flag.
Here is a few examples of AWS S3 Bucket names:
- Within AWS S3, select ‘Block all public access' for the bucket. This is Recommended if you don’t want the recordings to be publicly accessible.
- Click 'Create bucket' - bucket will now be created
Create IAM Policy
- Go to IAM -> Policies. (You can look up IAM in the search bar at top of screen)
- Click 'Create Policy'
- In the pop-up window select 'JSON' tab
- Replace the existing policy with the template below. Replace “your-bucket-name-here” with the name of your AWS bucket in the line that says: "Resource": "arn:aws:s3:::your-bucket-name-here/*"
1{
2 "Version": "2012-10-17",
3 "Statement": [
4 {
5 "Sid": "VisualEditor0",
6 "Effect": "Allow",
7 "Action": [
8 "s3:PutObject"
9 ],
10 "Resource": "arn:aws:s3:::your-bucket-name-here/*"
11 }
12 ]
13}
- Click 'NextReview'
- Name the policy (Save this name as you’ll need this shortly) and click 'Create'
- Policy is now created
Create IAM user
- Stay in the IAM section (or you can search for IAM section in search bar at the top of the screen)
- Go to 'Users'
- Select ‘Add User’
- Specify your ‘User name' and select 'Access key - Programmatic access’
- Click 'Next: Permissions' (Permissions should allow CareAR Amazon account to distribute a link to the recording)
- Select ‘Attach existing policies directly’ and look for the policy name previously created earlier
- Skip the next step by clicking 'Next: Review'
- Click 'Create user'
- Unhide ‘Secret access key' and copy. Paste the ‘Access key ID’ and ‘Secret access key’ into relevant fields in CareAR Web Portal and click 'Save’.
Access to the Recording file
The recording file will be accessible via Amazon S3 console as the S3 account owner, or any user with sufficient permissions to download the recording file. The recording link saved to the CareAR Portal Session Activity will be inaccessible with an 'Access Denied' message, unless the recording files are made public.
Amazon S3 bucket regions mapping
Region name |
Amazon Region value |
US East (Ohio) |
us-east-2 |
US East (N. Virginia) |
us-east-1 |
US West (N. California) |
us-west-1 |
US West (Oregon) |
us-west-2 |
Asia Pacific (Mumbai) |
ap-south-1 |
Asia Pacific (Osaka) |
ap-northeast-3 |
Asia Pacific (Seoul) |
ap-northeast-2 |
Asia Pacific (Singapore) |
ap-southeast-1 |
Asia Pacific (Sydney) |
ap-southeast-2 |
Asia Pacific (Tokyo) |
ap-northeast-1 |
Canada (Central) |
ca-central-1 |
Europe (Frankfurt) |
eu-central-1 |
Europe (Ireland) |
eu-west-1 |
Europe (London) |
eu-west-2 |
Europe (Paris) |
eu-west-3 |
Europe (Stockholm) |
eu-north-1 |
South America (São Paulo) |
sa-east-1 |