AWS Client Stack
CAM does not store, nor take possession of, the organization’s documents at any point. CAM only stores metadata about the documents, workspaces, sites, Teams, channels and folders. Whenever document storage is required, either temporarily using ETL or for longer term with Business Continuity, it uses a cloud storage bucket controlled by the organization. Prosperoware provides a small piece of code to be configured on that cloud storage bucket to provide the integration needed for content sync or storage. Currently we support AWS S3 buckets as an option, but we plan to support Azure as an alternative.
...
Expand | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||
Create 2 SQS queues manually as follows:
contentsync-prod-etl-process-v1
|
Expand | ||
---|---|---|
| ||
Create 2 buckets manually: content-sync-configuration-$subdomain - This bucket will use to share AWS setup script to user. $subdomain-prosperoware-io-encrypted-bucket - This bucket will use to store client's content. Set default encryption to AES-256 📗Note: $subdomain Specify your subdomain name. |
Expand | ||
---|---|---|
| ||
Note: --region Specify which AWS Region to send this command's AWS request to. |
Expand | ||
---|---|---|
| ||
|
...
Expand | ||
---|---|---|
| ||
Note: This folder on S3 used for stack. 7. Select operating system Ubuntu as Environment Section 8. Set the Runtime (s) to standard. Set image to: aws/codebuild/standard:2.0. Image version to Always use the latest image for this runtime version. And environment type to Linux. 9. Leave the privileges section unchecked. 10. Select New service role and set the role name to contentsync_role. 11. Click on Additional Configuration. 12. Set VPC to created in the previous steps. 13. Set the Subnets to Private Subnet #1 and Private Subnet #2. 14. Set the Security Group to the Lambda Security Group created at Step #3. 15. Under BuildSpec, select insert build commands and insert the build spec file shared at S3Content/serverless/buildspec.yml. 📗Note: Update --region if it's other than us-east-1. 16.On the buildspec file there are some pre-configured commands that don’t need changes:
17. No change to artifacts. 18. Enable CloudWatch logs option. 19. Set The group name and stream name to blank. 20. Click create build project. |
...
Expand | ||
---|---|---|
| ||
On the IAM console go to Roles. Click contentsync_role. Under Permissions of role, attach the AdministratorAccess Policy. 📗Note: This policy is managed by AWS and permission is given to the CodeBuild service alone. It is required to create and update multiple services such as CloudFormation stack, Lambda function, DynamoDB table, etc. |
Expand | ||
---|---|---|
| ||
The data under Start Build section is predefined and do not be overwritten. |
...