Objective
Due to your organization's security rules or to maintain compliance, you may be asked to set AWS-KMS as the default encryption method when saving recordings on an External S3 Storage Bucket.
Product
Programmable Voice
Procedure
- Recording Status Callback must be enabled on the desired call flow.
- Please review the document here to learn how to enable encryption when the recording is stored on Twilio.
- Recording must be stored on Twilio.
Instead of enabling external recording storage to AWS, you can set the recordings to be stored encrypted on Twilio and build a script that moves them to your own storage. The script should be able to receive a notification that a recording has been processed (using recordingStatusCallback=completed) and then perform the following actions:
- Download the recording from Twilio to your server
- Decrypt the recording on your server.
- Upload the recording to your desired destination with the encryption settings you want.
- Verify the upload action executed previously and then delete the recording from Twilio storage.
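The upload and verify-then-delete steps above, as an added Python example (not Twilio's code): it writes the already-decrypted audio with SSE-KMS, reads the stored object's metadata back, and deletes the Twilio copy only if the encryption type, key, size and checksum all match. Assumptions: `s3` is a boto3 S3 client, `delete_from_twilio` is a hypothetical callable wrapping your Twilio delete call, the key is given as a full KMS key ARN, and `FakeS3`, the object key layout and all sample values are constructed so the block runs offline.

```python
import base64
import hashlib

def archive_recording(s3, delete_from_twilio, recording_sid, audio, bucket, kms_key_arn):
    """Upload decrypted audio with SSE-KMS, verify it, then delete the Twilio copy."""
    key = f"recordings/{recording_sid}.wav"  # constructed key layout
    sha256 = base64.b64encode(hashlib.sha256(audio).digest()).decode()
    s3.put_object(
        Bucket=bucket, Key=key, Body=audio,
        ServerSideEncryption="aws:kms", SSEKMSKeyId=kms_key_arn,
        ChecksumSHA256=sha256,  # S3 rejects the upload if the received bytes differ
    )
    # Read the stored object's metadata back instead of trusting the PUT call.
    # head_object reports the KMS key as an ARN, hence the full-ARN assumption.
    head = s3.head_object(Bucket=bucket, Key=key, ChecksumMode="ENABLED")
    problems = []
    if head.get("ServerSideEncryption") != "aws:kms":
        problems.append("object is not SSE-KMS encrypted")
    if head.get("SSEKMSKeyId") != kms_key_arn:
        problems.append("object is encrypted under a different KMS key")
    if head.get("ContentLength") != len(audio):
        problems.append("stored size differs from the decrypted recording")
    if head.get("ChecksumSHA256") != sha256:
        problems.append("stored checksum differs from the decrypted recording")
    if problems:
        # Keep the Twilio copy: it is still the only known-good one.
        raise RuntimeError(f"{recording_sid}: " + "; ".join(problems))
    delete_from_twilio(recording_sid)
    return key

class FakeS3:
    """Constructed in-memory stand-in for a boto3 S3 client, for offline runs."""
    def __init__(self, force_sse=None):
        self.force_sse, self.objects = force_sse, {}

    def put_object(self, Bucket, Key, Body, ServerSideEncryption, SSEKMSKeyId, ChecksumSHA256):
        sse = self.force_sse or ServerSideEncryption  # force_sse simulates a bad upload
        meta = {"ServerSideEncryption": sse, "ContentLength": len(Body),
                "ChecksumSHA256": ChecksumSHA256}
        if sse == "aws:kms":
            meta["SSEKMSKeyId"] = SSEKMSKeyId
        self.objects[(Bucket, Key)] = meta

    def head_object(self, Bucket, Key, ChecksumMode):
        return self.objects[(Bucket, Key)]

if __name__ == "__main__":
    arn = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder ARN
    deleted = []  # records which recording SIDs would have been deleted
    print(archive_recording(FakeS3(), deleted.append, "RE" + "0" * 32,
                            b"RIFF-constructed-audio", "example-bucket", arn), deleted)
```

With SSE-KMS the object's ETag is not an MD5 of the content, which is why the check compares a SHA-256 checksum instead.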
Additional Information
Note: If you use any other cloud provider (for example Azure, GCP or Oracle), the above steps can be used in conjunction with the respective cloud provider's APIs to manage your encryption keys, encryption settings and external storage settings, so that Twilio recordings are stored encrypted outside Twilio.