Configure storage bucket policies
This feature requires HCP Boundary or Boundary Enterprise
As of Boundary 0.15.0, retention policies can codify storage bucket lifecycle management for session recordings. A Boundary resource known as a storage bucket is used to store recorded sessions. A resource known as a storage policy is used to codify how long session recordings must be kept and when they should be deleted.
A storage policy exists in either the global scope or an org scope. Storage policies that are created in the global scope can be associated with any org scope. However, a storage policy created in an org scope can only be associated with that org scope. Any storage policies associated with an org scope are deleted when you delete the org itself.
For more information about using session recording to audit user sessions, refer to Auditing.
Requirements
Before you can create a storage bucket in Boundary, you must ensure that your environment meets certain requirements. Session recording requires specific configuration for both the external storage provider and the Boundary worker.
A Boundary worker configured for local storage is also required to set up session recording and configure recording bucket policies.
Refer to Create a storage bucket to learn more about setting up storage for session recordings.
Example storage policies
A storage policy defines how long the recording within a scope should retain its session recordings. Storage policy examples include:
- Keep forever
- Do not delete
- Do not retain
- Custom retention period
Create a storage policy
Complete the following steps to create a storage policy in Boundary for session recording:
Log in to Boundary.
Click Storage Policies in the navigation panel in the
global
scope.Click Create a new storage policy.
Complete the following fields to create the Boundary storage policy:
- Name: (Optional) The name field is optional, but if you enter a name it must be unique.
- Description: (Optional) An optional description of the Boundary storage policy for identification purposes.
- Retention Policy: (Required) Specifies how long a recording must be stored, in days.
Policy values include:
Forever
: If enabled, the Deletion Policy field is disabled.Custom
: Specify a custom retention policy in days.Do not protect, allow deletion at any time
SOC 2 (7 years)
HIPPA (6 years)
- Deletion Policy: (Required) Specifies when to delete a recording, in days. Policy values include:
Do not delete
: Do not delete recordings, even after the retention policy is met.Custom
: Specifies the number of days after creation when a session recording should be deleted.
As an example, the following settings would create a SOC 2 compliant policy:
- Name:
soc2-policy
- Description:
SOC 2 compliant storage policy for session recordings
- Retention Policy:
SOC 2 (7 years)
- Deletion Policy:
Custom
Delete after:2657
days Toggle the switch beside Allow orgs to override.
Click Save.
In this example, recordings stored within the global scope must be retained for 7 years (2557 days), and will be automatically deleted 100 days later (at 2657 days). Scopes beneath global
will not be able to override this retention policy, but are able to override the deletion policy.
Warning
Boundary does not support an undo action. Storage policies are meant to enforce compliance to a specific law or regulation. Updating the storage policy of a session recording can have immediate and possibly unexpected results such as the immediate deletion of session recordings.
Attach storage policies to a scope
You must apply storage policies to a scope (global
or a specific org) to take effect. Once attached, all recordings within the child scopes inherit the storage policy, unless overridden by a policy applied to the child scope.
The following example applies the policy created above to an org named prod-databases
with the org ID o_aDkVBCDTvY
.
- Log in to Boundary.
- Click Orgs in the navigation panel and select the
prod-databases
org. - Click Org Settings in the navigation panel for the
prod-databases
org. - Under Storage Policy, click Add Storage Policy.
- Select the
soc2-policy
. - Click Save. This applies the policy to this scope and its children.
Verify attached policies
Check that the storage policy was successfully attached to the prod-databases
scope.
- Log in to Boundary.
- Click Orgs in the navigation panel and select the
prod-databases
org. - Click Org Settings in the navigation panel for the
prod-databases
org. - Verify that the
soc2-policy
is listed under Storage Policy.
Read and list session recordings
New session recordings under the prod-databases
scope should now show a retain_until
and delete_after
date corresponding to the soc2-policy
storage policy.
- Create a new session recording on a target within the
prod-databases
org. - Log in to Boundary.
- Click Session Recordings in the navigation panel.
- Click View for a new recording that was made after the storage policy was attached to the
prod-databases
scope. - Under Session details, verify that the Retain until and Delete after dates match the durations defined in the
soc2-policy
.
Note
Existing recordings within a scope or its children do not automatically have new or updated polices applied to them. Policies must be re-applied to existing recordings to take effect. Refer to the Update storage bucket policies page for more details.
Manual deletion
Deleting a session recording will set the delete_after
field of a session recording to the current database time. Deleting a session recording will fail if the retention duration has not been met.
If delete_after
or delete_time
is after the current time, the session recording will no longer be included in list responses; it also cannot be read, downloaded or played back.
Next steps
After the storage policy is configured in Boundary, new recordings within the applied scope adhere to the defined policy. To retroactively apply the configured policy to existing recordings, refer to update storage bucket policies.