AWS Client Stack (Appendix)

CAM does not store, nor take possession of, the organization’s documents at any point. CAM only stores metadata about the documents, workspaces, sites, Teams, channels and folders. Whenever document storage is required, either temporarily using ETL or for longer term with Business Continuity, it uses a cloud storage bucket controlled by the organization. Prosperoware provides a small piece of code to be configured on that cloud storage bucket to provide the integration needed for content sync or storage. Currently we support AWS S3 buckets as an option, but we plan to support Azure as an alternative.

CAM utilizes this feature set in 2 ways:

Business Continuity: CAM can sync documents in the organization’s DMS to the AWS S3 bucket so if the organization’s cloud DMS goes down, users can access their documents securely through CAM using a one-time password.
ETL (Extract Transform Load) Manager: Users can move documents stored in MS 365 Teams and Channels to the DMS, or from the DMS to Teams in order to facilitate easy access for the end-user to access documents when needed, while providing governance around that content so it ends up in the desired system of record for documents.

In both instances, all documents are stored in the organization’s AWS S3 bucket and the synching happens between AWS S3 and the DMS systems.

Pre-requisites

Configure AWS at Client - To Access the client’s AWS account with access keys .
Configure AWS on CAM - To Access AWS from CAM to Sync contents with access keys.

Configure AWS at Client

Create below resources manually

Create 2 SQS queues manually as follows:

contentsync-prod-job-process-v1

Description

Description
Standard Queue
Receive Message Wait Time: 0 seconds
Message Retention Period: 14 days
Maximum Message Size: 256 (kB)
Don't use redrive policy
Don't use SSE (Server-Side Encryption)
Delivery Delay: 0 seconds
Default Visibility Timeout: 16 minutes

contentsync-prod-etl-process-v1

Description

Description
Standard Queue
Receive Message Wait Time: 0 seconds
Message Retention Period: 14 days
Maximum Message Size: 256 (kB)
Don't use redrive policy
Don't use SSE (Server-Side Encryption)
Delivery Delay: 0 seconds
Default Visibility Timeout: 16 minutes

Create 2 buckets manually:

content-sync-configuration-$subdomain - This bucket will use to share AWS setup script to user.

$subdomain-prosperoware-io-encrypted-bucket - This bucket will use to store client's content. Set default encryption to AES-256

Note: $subdomain Specify your subdomain name.

Prosperoware will share the scripts to create VPC.
Download the scripts will be available at content-sync-configuration-$subdomain/vpc-configuration/.
Configure AWS CLI. Follow instructions provided at AWS: AWS CLI.
Execute below command on the terminal to create VPC:
sh deploy.script create-stack --region us-east-1

Note: --region Specify which AWS Region to send this command's AWS request to.

Head over to VPC
Under Security Group click Create Security Group:

Set the security group name to Lambda-SG
Select the VPC created from previous step.
Add a rule for inbound and outbound as All Trafic and Source 0.0.0.0/0 or Destination as 0.0.0.0/0

Update below 2 files

Open params-prod.yml available at S3Content/serverless/params/us-east-1
- LambdaRole (update the AWSACCOUNTID to your AWSACCOUNTID)
- SecurityGroup (Lambda-SG created in the previous step)
- SubnetIds (please update the SubnetIds to the private subnet IDs of the VPC created earlier)
- ContentSyncJobProcessQueue (update the AWSACCOUNTID value to your AWSACCOUNTID)
Open appconfig-prod.yml available at S3Content/config/ymls
- CS_JOB_QUEUE (Update the AWSACCOUNTID value to your AWSACCOUNTID
Upload these files in S3 bucket content-sync-configuration-$subdomain

Configure ETL on CAM

Click here for details.