我如何成为从CloudFront的受保护的视频 [英] How do I serve protected videos from cloudfront
问题描述
我想只有通过签名的URL,以服务民营视频内容通过RTMP,访问
I'm trying to serve private video content over RTMP, accessible only through a signed url
下面是我的CloudFront的分布设置:
Here are my CloudFront distribution settings:
Origin Domain Name : ct.recorder.s3.amazonaws.com
Restrict Bucket Access : Yes
Origin Access Identity : Use an Existing Identity
Your Identities : CT rtmp videos
Grant Read Permissions on Bucket : No, I Will Update Permissions
Restrict Viewer Access (Use Signed URLs) : Yes
Trusted Signers : Self
Distribution State : Enabled
当我尝试签CloudFront的URL,它会无法播放。
When I try a signed cloudfront url, it'll fail to play.
我缺少的东西?
我使用的SDK以编程方式上传视频文件,所以我有过,我可以设置权限控制。我必须做一个CannedACL什么?
I'm using the SDK to programmatically upload the video files, so I have control over the permissions I can set. Do I have to make a CannedACL or something?
在桶的水平,我做了一个策略文件:
On the bucket level, I made a policy file:
{
"Version": "2008-10-17",
"Id": "PolicyForCloudFrontPrivateContent",
"Statement": [
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EF5LIV7LW3XE4"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::ct.recorder/*"
}
]
}
然而,它仍然无法正常工作。我仍然无法访问我的影片
However it still doesn't work. I still can't access my videos
我试过 rtmpdump 和失败与 NetStream.Failed
我莓的免费版本的S3,和我走进桶和桶中,并设置权限的对象,以便原产地访问身份能读。
I got the free edition of Cloudberry for S3, and I went into the bucket and the objects in the bucket and set permissions so that the Origin access identity can read.
其结果是, CloudFront的原产地访问标识EF5LIV7LW3XE4 有斗的对象打开/下载权限,它具有列表的桶本身的权限。
The result is that CloudFront Origin Access Identity EF5LIV7LW3XE4 has Open/download permissions on the object of the bucket, and it has list permissions for the bucket itself.
但是,这并没有帮助。 rtmpdump播放器仍然会返回错误。
But that didn't help. rtmpdump and the player still return errors.
我已经试过编辑策略,但是当我将其更改为迈克尔的这席建议,将其保存,并查看了一遍,我的政策没有我的编辑在里面。
I've tried editing the policy, but when I change it to what Michael suggests, save it, and view it again, my policy does not have my edits in it.
这不,我不能编辑政策,那就是AWS自动更正CanonicalUser到AWS,并适当设置值。
It's not that I can't edit the policy, it's that AWS auto-corrects the "CanonicalUser" to "AWS", and sets the values appropriately.
所以现在我很困惑。该文件说,我需要CanonicalUser,但AWS不会让我这样做。
So now I'm confused. The documentation says I need "CanonicalUser", but AWS won't let me do it.
让正式确认从论坛后的那它确实自动纠正,我假设我的S3存储桶的政策是正确的,并且这个问题在别处。也许与库我使用签我的钥匙。
After getting official confirmation from the forums that it does indeed auto-correct, I'll assume that my S3 bucket policy is correct, and that the problem is elsewhere. Perhaps with the library I'm using to sign my keys.
我试着使用云莓资源管理器来创建签名的CloudFront的网址,用我的私钥和访问ID ,但该URL不会对我的任何播放器或<$工作C $ C> rtmpdump 。
I tried using Cloudberry Explorer to create a signed cloudfront url, using my private key and access ID, but that url wouldn't work for either my player or rtmpdump.
我得到了确认,我是用来创建签名的URL中的节点程序包不符合RTMP网址兼容。是否有一个节点程序包,那是什么?
I got confirmation that the node package that I was using to create signed urls wasn't compatible with rtmp urls. Is there a node package that is?
推荐答案
签署的网址是问题。我用的是节点程序包不能做RTMP网址。有一次,我切换到使用官方SDK的.NET,我可以发挥我的内容。该软件包已被更新,RTMP URL来工作。
The signed URL was the problem. The node package I was using couldn't do rtmp urls. Once I switched to using the official sdk for .net, I could play my content. The package has since been updated to work with rtmp urls.
这篇关于我如何成为从CloudFront的受保护的视频的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
