Setting up AWS S3
AWS S3 is the household name in cloud storage, and it is a fine choice if you already have an AWS account. This guide keeps your AWS root account out of VOD Manager by creating a least-privilege IAM user, which means a separate access key that can only work with your archive bucket. The main thing to watch is egress fees, because AWS can charge when you download VODs back to your computer.
What you'll do
- Use an AWS account you already trust, or create a new one.
- Create one private S3 bucket for your VOD archive.
- Create an IAM user with a scoped policy. IAM is AWS's permission system, and the policy below limits what the key can touch.
- Paste the bucket name, region, and access keys into VOD Manager.
Plan on about 15 minutes. Most of that time is AWS account navigation, not VOD Manager setup.
Step 1 — AWS account check
If you already have an AWS account from work, school, or another project, you can use it. If you need a new account, sign up at AWS signup.
AWS often includes a 12-month free tier for some S3 usage, but it is not unlimited. Treat the free tier as a starter allowance, not a promise that a large video archive will stay free.
Step 2 — Pick your region
Your region is where AWS stores the bucket. It affects price a little, but it matters more for upload distance. Pick the region before you create anything, then keep the AWS console set to that region while you work.
For many US streamers, us-east-1 is the cheapest and most documented choice. West Coast streamers may prefer us-west-2. European streamers can start with eu-west-1. The best answer is usually the region closest to where you upload from.
Step 3 — Create the S3 bucket
- Open the S3 section in the AWS console and choose Create bucket.
- Use a globally unique name, such as vod-manager-your-username-archives. Bucket names are shared across AWS, so simple names are usually taken.
- Set the region to the region you picked in Step 2.
- Block all public access: leave ON. Your VOD archive should be private. VOD Manager does not need public files.
- Leave bucket versioning Disabled unless you already know why you need it. The default SSE-S3 encryption option is fine.
- Create the bucket and copy the exact bucket name. You will need it for the IAM policy and the VOD Manager connection form.
Step 4 — Create a least-privilege IAM user
- Open the IAM section in the AWS console, find Users, and choose Create user.
- Name the user vod-manager. Do not enable AWS Management Console access. VOD Manager only needs programmatic access, which means an access key used by an app.
- For permissions, choose Attach policies directly, then create a policy with the JSON in the next section. Replace YOUR-BUCKET-NAME with your real bucket name in both places.
- Save the policy as vod-manager-bucket-rw, attach it to the user, and finish creating the user.
- Open the new user, go to Security credentials, and create an access key. Choose Application running outside AWS as the use case.
- Save the Access Key ID and Secret Access Key immediately. AWS only shows the secret once. If you lose it, create a new key and delete the old one.
The minimal IAM policy
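Paste this policy into AWS, then replace every YOUR-BUCKET-NAME placeholder with your bucket name. The policy lists two resources because the plain bucket ARN covers the bucket itself and the /* ARN covers the objects inside it, so both must carry the same bucket name. ListBucket and HeadBucket let VOD Manager test the connection. PutObject, GetObject, and DeleteObject let it archive files and remove old files when you ask it to auto-purge.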
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject",
        "s3:ListBucket",
        "s3:HeadBucket"
      ],
      "Resource": [
        "arn:aws:s3:::YOUR-BUCKET-NAME",
        "arn:aws:s3:::YOUR-BUCKET-NAME/*"
      ]
    }
  ]
}
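An offline check for the mistakes this guide warns about: a placeholder left in place, a bucket ARN that does not match, a missing action, or a policy broader than the one above. This is an added example, not part of VOD Manager or AWS tooling; the function name check_policy and the sample bucket name are hypothetical, and the expected action list is copied from the policy above.

```python
import json

# The five actions the guide's policy grants; anything else is broader than intended.
EXPECTED_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                    "s3:ListBucket", "s3:HeadBucket"}
PLACEHOLDER = "YOUR-BUCKET-NAME"

def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def check_policy(policy_json, bucket):
    """Return a list of problems; an empty list means the policy matches the guide."""
    problems = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may not be wrapped in a list
        statements = [statements]
    actions, resources = set(), set()
    for statement in statements:
        if statement.get("Effect") == "Allow":
            actions.update(_as_list(statement.get("Action", [])))
            resources.update(_as_list(statement.get("Resource", [])))
    if PLACEHOLDER in policy_json:
        problems.append(f"placeholder {PLACEHOLDER} was not replaced")
    for action in sorted(EXPECTED_ACTIONS - actions):
        problems.append(f"missing action {action}")
    for action in sorted(actions - EXPECTED_ACTIONS):
        problems.append(f"action {action} is broader than the guide's policy")
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for arn in sorted(wanted - resources):
        problems.append(f"missing resource {arn}")
    for arn in sorted(resources - wanted):
        problems.append(f"resource {arn} does not match bucket {bucket}")
    return problems

# Constructed sample: s3:PutObject was dropped and the object ARN has a typo.
SAMPLE_BUCKET = "vod-manager-example-archives"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:DeleteObject", "s3:ListBucket", "s3:HeadBucket"],
        "Resource": ["arn:aws:s3:::vod-manager-example-archives",
                     "arn:aws:s3:::vod-manager-example-archive/*"],
    }],
})
if __name__ == "__main__":
    for problem in check_policy(SAMPLE_POLICY, SAMPLE_BUCKET):
        print(problem)
```

Run it on the JSON you are about to paste into IAM, passing the exact bucket name you copied in Step 3.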
Step 5 — Connect VOD Manager
- Provider: choose AWS S3.
- Endpoint: leave blank. AWS uses its normal regional endpoint automatically.
- Region: enter the region you picked earlier, such as us-east-1.
- Bucket: enter the exact bucket name.
- Access Key ID and Secret Access Key: paste the values from the IAM user.
- Click Test connection. VOD Manager will try a tiny write, read, and cleanup check so you know the key can use the bucket.
Common issues
- Access denied on PutObject: the policy is missing s3:PutObject, or one of the bucket ARNs does not match your real bucket name.
- Bucket not found: the bucket may be in a different region than the one you entered in VOD Manager.
- InvalidAccessKeyId: the access key may have a typo, or you may have pasted the IAM user's username and password instead of the access keys.
Costs to know
S3 Standard in us-east-1 is about $0.023 per GB each month, or about $2.30 for 100 GB. That is only the storage price. Downloads to the internet are commonly about $0.09 per GB after the monthly free allowance.
If your archive is mostly a backup, S3 can be reasonable. If you regularly pull full VODs back down for editing, compare it with Cloudflare R2 before you commit. R2's no-egress model can be easier to predict for heavy editors.