Skip to main content

Self-Host Screen Capture Videos

Store your own Screen Capture Videos in your own S3 bucket

Matt avatar
Written by Matt
Updated over 12 months ago

Overview

By default, MaestroQA will store Screen Capture videos in our own S3 bucket. Depending on your team's approach to security, you may be required to self host the videos.

This article will help walkthrough how you can set up S3 to start self-hosting.

Before starting this process, reach out to your CSM or Implementation Manager to let them know you want to change how you are storing Screen Capture Videos.

Note: Upon switching to self-hosting, all videos previously created will not be accessible in MaestroQA.

Screen Capture S3 Setup

To let us send screen recordings to an S3 bucket in your AWS account, you'll need to create a bucket and a new role for use with AWS STS assume role. Additionally, you will need to give permissions for sending messages to our SQS queue, which we use to write metadata about the recording into the MaestroQA system.

Step 1: Creating the S3 Bucket

Open your AWS console and complete the following steps.

  1. Create an S3 bucket that is only used for MaestroQA screen recordings.

  2. Record the bucket name, as it will be needed for in the steps below.

  3. Go the "Permissions" tab on the bucket page and scroll to "Cross-origin resource sharing (CORS)"

  4. Click "Edit" and use the following JSON for the CORS policy, replacing <YOUR_HELPDESK_URL> with the base url of the tool where you will be recording.

    [
        {
            "AllowedHeaders": ["*"],
            "AllowedMethods": [
                "PUT",
                "POST",
                "GET",
                "HEAD",
                "DELETE"
            ],
            "AllowedOrigins": [
                <YOUR_HELPDESK_URL>
            ],
            "ExposeHeaders": [
                "ETag",
                "Access-Control-Allow-Origin",
                "Date"
            ],
           "MaxAgeSeconds": 3000
        }
    ]

Step 2: Creating the role and the policy

Create the role and grant them the required permissions:

Go to https://console.aws.amazon.com/iam

  1. Click "Roles"

  2. Click "Create Role"

  3. For “Trusted entity type”, select “AWS account”

  4. Under "An AWS account", select "Another AWS account" and enter the MaestroQA AWS Account ID shared by your CSM.

We recommend under "Options", select “Require External ID” and enter any valid value for “External ID” (Note that MFA is not currently supported).

5. Record this External ID to be provided to MaestroQA.

6. Click "Create policy", "JSON"

7. Paste the policy found below and make sure to:

  • Replace [YOUR_BUCKET_NAME_HERE] with the name of the bucket you created before

  • Ask your CSM for the second "Resource" input 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::[YOUR_BUCKET_NAME_HERE]",
                "arn:aws:s3:::[YOUR_BUCKET_NAME_HERE]/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": ["sqs:SendMessage", "sqs:DeleteMessage"],
            "Resource": [SHARED BY YOUR CSM] 
        }
    ]
}

8. On the Review page, click "Create Role".

9. Finish creating the role, and record the role's ARN as you will need to share this with MaestroQA.

  • In the setup for the role, ensure the "Maximum session duration" is set to 12 hours (default is 1 hour)

Did this answer your question?