Configuring an AWS S3 Bucket for Content Playback Testing

When you use an S3 bucket as Output for your encodings, they will not automatically allow you to test streaming your encoded content from them. The default security model with S3 does not allow for this.

To enable this model, you will need to do the following:

Allow Public Access ACLs

For creating new buckets we have this tutorial: How to create an S3 Encoding Input or Output with the Bitmovin API

For existing buckets:

  1. Go to the Permissions tab of the S3 Bucket a. e.g.: https://s3.console.aws.amazon.com/s3/buckets/?tab=permissions
  2. If it says Access: Bucket and objects not public our Encoder cannot set objects to have the PUBLICACCESS ACL.
    a. In Block public access (bucket settings) push the Edit button
    b. uncheck 🔳 Block
    all_ public access.
    c. Hit Save changes
    d. In the Permissions overview, it should say Access: Objects can be public

When you create the bucket, disable the bucket settings that block public access, which is set by default on new buckets. If you use the AWS Console, they are Block new public ACLs and uploading public objects, and Remove public access granted through public ACLs. See the AWS Documentation on Block Public Access for details.

If you leave those enabled, you will need to ensure that your scripts set ACL permissions to PRIVATE on objects output to this bucket (for example muxings, manifests, etc.), or your encodings will fail.

Note: Encodings started in the https://bitmovin.com/dashboard/ are configured to set the PUBLIC_ACCESS ACL on output files. Allowing Public Access ACLs in the bucket is required for these Encodings to work.

CORS configuration

To allow players to request content for streaming from your S3 bucket, you will also need to allow origin access with a CORS configuration.

  1. Go to the Permissions tab of the S3 Bucket
    a. e.g.: https://s3.console.aws.amazon.com/s3/buckets/ bucket-name ?tab=permissions
  2. Scroll down until Cross-origin resource sharing (CORS) and hit the Edit Button next to it
    a. e.g.: https://s3.console.aws.amazon.com/s3/buckets/ bucket-name /property/cors/edit
  3. Now you can paste or edit the CORS configuration based on your needs.

The following is a good default policy that provides unrestricted access for streaming.

[
    {
        "AllowedHeaders": [
            "Authorization"
        ],
        "AllowedMethods": [
            "GET",
            "HEAD"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [],
        "MaxAgeSeconds": 3000
    }
]

For more information on how to enable CORS on S3 buckets, see the AWS Documentation

Troubleshooting

To troubleshoot upload issues to your AWS S3 bucket are explained here.